danabot | c5072261b7b27698e90066a45e204fc5db137427d22133d6a34dfbce68a26e13 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

c5072261b7b27698e90066a45e204fc5db137427d22133d6a34dfbce68a26e13
Size

219KB
Sample

221221-j268rsbh58
MD5

e0508e5987a2d4062288edea3e728d37
SHA1

b5b8fd66e6b915906b1bfa372e1e9a3ea4413d2f
SHA256

c5072261b7b27698e90066a45e204fc5db137427d22133d6a34dfbce68a26e13
SHA512

eebc1a1815715db08099fce922088924f47fe86a2ea905bfc9636b7adabed0decb4117fb7fcd3f1c5ea495a7f38e29d4a62b42bb089dc1a50987b56d357a12ac
SSDEEP

3072:OhOluS4LWS156DDPwWplHCabZt2Mi7zxfROL1T9knTVOWzgKr/so:x+LWLDsWplHd/mz6BT9kxOWzz/

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

c5072261b7b27698e90066a45e204fc5db137427d22133d6a34dfbce68a26e13.exe

Resource

win10v2004-20221111-en

danabot smokeloader backdoor banker trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  c5072261b7b27698e90066a45e204fc5db137427d22133d6a34dfbce68a26e13
- Size
  
  219KB
- MD5
  
  e0508e5987a2d4062288edea3e728d37
- SHA1
  
  b5b8fd66e6b915906b1bfa372e1e9a3ea4413d2f
- SHA256
  
  c5072261b7b27698e90066a45e204fc5db137427d22133d6a34dfbce68a26e13
- SHA512
  
  eebc1a1815715db08099fce922088924f47fe86a2ea905bfc9636b7adabed0decb4117fb7fcd3f1c5ea495a7f38e29d4a62b42bb089dc1a50987b56d357a12ac
- SSDEEP
  
  3072:OhOluS4LWS156DDPwWplHCabZt2Mi7zxfROL1T9knTVOWzgKr/so:x+LWLDsWplHd/mz6BT9kxOWzz/
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy