General

  • Target: 27bb7779c7fa7dc719b70002f991fc4fda0de9539e110a64ad7df726e7a29065
  • Size: 221KB
  • Sample: 221221-f7zt4aeg8w
  • MD5: 842b3e632fc82554907e4742fe902552
  • SHA1: 87a0699891cd1852ac7366975028292fa96777d8
  • SHA256: 27bb7779c7fa7dc719b70002f991fc4fda0de9539e110a64ad7df726e7a29065
  • SHA512: 1f6ff335babb0f6f15aed85130af66462ca9e59c189d32bfbc2204430b570ae8e3629e62f2601e128f0a289475cca515513bf8124c5f80bd96c917976651cd51
  • SSDEEP: 3072:V7PYCULZRt15h1o1lM7FIz46MJaw4snTt8w892bi7b/TY06tNHCDml:BY3LZR/L2z0aJsG3MVPCa

Malware Config

Targets

    • Danabot: Danabot is a modular banking Trojan that has been linked with other malware.
    • Detects Smokeloader packer
    • SmokeLoader: Modular backdoor trojan in use since 2014.
    • Blocklisted process makes network request
    • Downloads MZ/PE file
    • Executes dropped EXE
    • Loads dropped DLL
    • Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Defense Evasion
    • T1112 Modify Registry (1)

  Discovery
    • T1012 Query Registry (3)
    • T1082 System Information Discovery (3)
    • T1120 Peripheral Device Discovery (1)

Tasks