danabot | 4b57baddf2270d63a05e86300645f4d83e62af33b8409d61c47493b488e52ded | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

4b57baddf2270d63a05e86300645f4d83e62af33b8409d61c47493b488e52ded
Size

220KB
Sample

221221-h47rmseh6w
MD5

abc3cf0bf5610cad19bd66ce39fa1325
SHA1

9d1488117d24edde285ef607d5a54db2102b50dc
SHA256

4b57baddf2270d63a05e86300645f4d83e62af33b8409d61c47493b488e52ded
SHA512

9d57c10787b7aba1f0ded0190abe251e3ad37b6a2e2d58a68760505f87bddc5e89c35554fb3cc677313200aba32d15001d457a6af87a109c84387439930d4562
SSDEEP

3072:XmRZiQnLwwDt15PZwXiw1tsfaWPLr4epcdxJAZV7b/yAHcNHCDml:2VLwwDVmXiw1ts7PI8creACa

Score

10^/10

danabot smokeloader backdoor banker persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

4b57baddf2270d63a05e86300645f4d83e62af33b8409d61c47493b488e52ded.exe

Resource

win10v2004-20221111-en

danabot smokeloader backdoor banker persistence trojan

windows10-2004-x64

25 signatures

150 seconds

Malware Config

Targets

- Target
  
  4b57baddf2270d63a05e86300645f4d83e62af33b8409d61c47493b488e52ded
- Size
  
  220KB
- MD5
  
  abc3cf0bf5610cad19bd66ce39fa1325
- SHA1
  
  9d1488117d24edde285ef607d5a54db2102b50dc
- SHA256
  
  4b57baddf2270d63a05e86300645f4d83e62af33b8409d61c47493b488e52ded
- SHA512
  
  9d57c10787b7aba1f0ded0190abe251e3ad37b6a2e2d58a68760505f87bddc5e89c35554fb3cc677313200aba32d15001d457a6af87a109c84387439930d4562
- SSDEEP
  
  3072:XmRZiQnLwwDt15PZwXiw1tsfaWPLr4epcdxJAZV7b/yAHcNHCDml:2VLwwDVmXiw1ts7PI8creACa
Score

10^/10

danabot smokeloader backdoor banker persistence trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankerpersistencetrojan

© 2018-2024

Terms | Privacy