danabot | a5f4f4c2a2e7dc35fd28e2f0d7327f04f36a7b1094023db2d2127f77678f6162 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

a5f4f4c2a2e7dc35fd28e2f0d7327f04f36a7b1094023db2d2127f77678f6162
Size

220KB
Sample

221221-feyfkaeg5s
MD5

f8e39a71181e2c58912af2da7ab7a797
SHA1

9562e4135653a854657d05dde5073ebd7a9b958a
SHA256

a5f4f4c2a2e7dc35fd28e2f0d7327f04f36a7b1094023db2d2127f77678f6162
SHA512

40db32b014305a6dc57ce0e63261313da48520907d7a4b78f9f5374d3c9745cebcb2d81e69a3f35495237809d3459f9c6c23e98e7fdbd54e3c44af6b50886603
SSDEEP

3072:M/lXL0N115qEPG87BONAU7WcXmLm33MKKGeJmSndiqV7b/hQL44rFZNHCDml:KxL0NRPP7Qd71cKKdNvJQkKFzCa

Score

10^/10

danabot smokeloader backdoor banker discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

a5f4f4c2a2e7dc35fd28e2f0d7327f04f36a7b1094023db2d2127f77678f6162.exe

Resource

win10v2004-20221111-en

danabot smokeloader backdoor banker discovery trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  a5f4f4c2a2e7dc35fd28e2f0d7327f04f36a7b1094023db2d2127f77678f6162
- Size
  
  220KB
- MD5
  
  f8e39a71181e2c58912af2da7ab7a797
- SHA1
  
  9562e4135653a854657d05dde5073ebd7a9b958a
- SHA256
  
  a5f4f4c2a2e7dc35fd28e2f0d7327f04f36a7b1094023db2d2127f77678f6162
- SHA512
  
  40db32b014305a6dc57ce0e63261313da48520907d7a4b78f9f5374d3c9745cebcb2d81e69a3f35495237809d3459f9c6c23e98e7fdbd54e3c44af6b50886603
- SSDEEP
  
  3072:M/lXL0N115qEPG87BONAU7WcXmLm33MKKGeJmSndiqV7b/hQL44rFZNHCDml:KxL0NRPP7Qd71cKKdNvJQkKFzCa
Score

10^/10

danabot smokeloader backdoor banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankerdiscoverytrojan

© 2018-2024

Terms | Privacy