danabot | 96b638420a725c8f6f02e8e3195fd8ef5698c28ce6032cb55e377027c5095c27 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

96b638420a725c8f6f02e8e3195fd8ef5698c28ce6032cb55e377027c5095c27
Size

220KB
Sample

221221-hmbb4sbg69
MD5

afdb8706762df1a5b0ea28c272931e08
SHA1

706712d5a9780aeca9a054bb0e1e5e6f5975aba7
SHA256

96b638420a725c8f6f02e8e3195fd8ef5698c28ce6032cb55e377027c5095c27
SHA512

b7a15b52e4cab219e31007dce7139a97265c9a706b66f815049a3d7a777d2ad1a34c6e83f0ddac02456f15a338dc7cd3408dddbe433fed928f3d6fabb92a205d
SSDEEP

3072:qpqFpLpqwt154VDl3sUuBFrK+wWOjO621wLV7b/lFikrNHCDml:fHLpqwWN27VKhWOi1whtF7Ca

Score

10^/10

danabot smokeloader backdoor banker discovery persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

96b638420a725c8f6f02e8e3195fd8ef5698c28ce6032cb55e377027c5095c27.exe

Resource

win10v2004-20220901-en

danabot smokeloader backdoor banker discovery persistence trojan

windows10-2004-x64

26 signatures

150 seconds

Malware Config

Targets

- Target
  
  96b638420a725c8f6f02e8e3195fd8ef5698c28ce6032cb55e377027c5095c27
- Size
  
  220KB
- MD5
  
  afdb8706762df1a5b0ea28c272931e08
- SHA1
  
  706712d5a9780aeca9a054bb0e1e5e6f5975aba7
- SHA256
  
  96b638420a725c8f6f02e8e3195fd8ef5698c28ce6032cb55e377027c5095c27
- SHA512
  
  b7a15b52e4cab219e31007dce7139a97265c9a706b66f815049a3d7a777d2ad1a34c6e83f0ddac02456f15a338dc7cd3408dddbe433fed928f3d6fabb92a205d
- SSDEEP
  
  3072:qpqFpLpqwt154VDl3sUuBFrK+wWOjO621wLV7b/lFikrNHCDml:fHLpqwWN27VKhWOi1whtF7Ca
Score

10^/10

danabot smokeloader backdoor banker discovery persistence trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankerdiscoverypersistencetrojan

© 2018-2024

Terms | Privacy