General
Target: 3b33a8437951b5d755446f2ec3029929b68548be6695c6f398030c470041f224
Size: 169KB
Sample: 220923-e4tm8shafr
MD5: 9f648450f309586da87adf060b5e29e2
SHA1: 84d6f2cf254a74cc9ae7586a848aaceea22d7c70
SHA256: 3b33a8437951b5d755446f2ec3029929b68548be6695c6f398030c470041f224
SHA512: 4c7f45d955ca76fe0f39ac2b253f04fd82140cd3ed1cea4b3ccfa0813a9d5af9445ea43a622a71b57884c1bbabe1e94fe2931b4a7495d9429a7304a0db6d914a
SSDEEP: 3072:qGkLfdZ5p3Z5VYlamtTmaBPHrVlGQnhTixaEBc/PkWDn:ULfdF3Z39KTNRLbPJ
Static task: static1
Behavioral task: behavioral1
Sample: 3b33a8437951b5d755446f2ec3029929b68548be6695c6f398030c470041f224.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted: danabot
198.15.112.179:443
185.62.56.245:443
153.92.223.225:443
192.119.70.159:443
embedded_hash: 6618C163D57D6441FCCA65D86C4D380D
type: loader
Extracted: asyncrat
VenomAngel 5.0.7
Venom Clients
91.134.214.15:4449
Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
delay: 1
install: false
install_folder: %AppData%
Targets
Target: 3b33a8437951b5d755446f2ec3029929b68548be6695c6f398030c470041f224
Size: 169KB
- Detects Smokeloader packer
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext