General
Target: 5b2092534b5f257e161e81e7768f50d625f5400fda62e8e1eb887ed4c943007b
Size: 168KB
Sample: 220923-f4ls3ahbem
MD5: 5c2839e0e8b59d4bc5170ed73479fd1f
SHA1: 6af8d05698bbaa51043fccebbabafd286517622b
SHA256: 5b2092534b5f257e161e81e7768f50d625f5400fda62e8e1eb887ed4c943007b
SHA512: b7f27e5f8ef642bf57281acfbd50d786cdeafb7b720308f6ed429e0c2740a5f87e802a3c83681682dedc578a5dbd487d7219fad4214497d830552402d2fe7531
SSDEEP: 3072:yT+LIr5rgtFYvak3WUTYkCVB+5FMmtjhWUBz/EFG1r/PkWDn:TLIUFsx5TYkaU5NxhWMEw
Static task: static1
Behavioral task: behavioral1
Sample: 5b2092534b5f257e161e81e7768f50d625f5400fda62e8e1eb887ed4c943007b.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: danabot
C2: 198.15.112.179:443
C2: 185.62.56.245:443
C2: 153.92.223.225:443
C2: 192.119.70.159:443
embedded_hash: 6618C163D57D6441FCCA65D86C4D380D
type: loader
Extracted: asyncrat
Version: VenomAngel 5.0.7
Botnet: Venom Clients
C2: 91.134.214.15:4449
Mutex: Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
delay: 1
install: false
install_folder: %AppData%
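The extracted configs above are the most directly actionable part of the report: four Danabot C2 endpoints, one AsyncRAT/Venom C2, and a mutex. The following is an added example (not part of the report or of either malware family's code) that parses the flattened "Extracted" blocks exactly as they appear on this page into per-family indicators and emits Suricata rules for the C2 endpoints. The config text is copied from the report; the Suricata SID range (9000001 upward) and the rule message text are assumptions chosen for illustration.

```python
"""Normalize sandbox-extracted Danabot / AsyncRAT configs into IOCs and rules.

REPORT_CONFIG is copied verbatim from the report's Malware Config section.
SIDs starting at 9000001 are a local placeholder range (assumption).
"""
import re
from dataclasses import dataclass, field

# Copied from the report above (not constructed data).
REPORT_CONFIG = """\
Extracted
danabot
198.15.112.179:443
185.62.56.245:443
153.92.223.225:443
192.119.70.159:443
embedded_hash
6618C163D57D6441FCCA65D86C4D380D
type
loader
Extracted
asyncrat
VenomAngel 5.0.7
Venom Clients
91.134.214.15:4449
Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
delay
1
install
false
install_folder
%AppData%
"""

HOST_PORT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")
# Key names that appear on their own line in the export; the next line is the value.
KEYS = {"embedded_hash", "type", "delay", "install", "install_folder"}


@dataclass
class FamilyConfig:
    family: str
    c2: list = field(default_factory=list)       # (ip, port) tuples
    fields: dict = field(default_factory=dict)   # key -> value pairs
    strings: list = field(default_factory=list)  # unlabelled lines (version, botnet, mutex)


def parse_report(text: str) -> list:
    """Split the flattened export into one FamilyConfig per 'Extracted' block."""
    configs, cur, pending_key = [], None, None
    lines = iter(l.strip() for l in text.splitlines() if l.strip())
    for line in lines:
        if line == "Extracted":
            cur = FamilyConfig(family=next(lines).lower())  # family name follows
            configs.append(cur)
            continue
        if pending_key:                       # value line for a known key
            cur.fields[pending_key] = line
            pending_key = None
        elif line in KEYS:
            pending_key = line
        elif (m := HOST_PORT.match(line)):    # C2 endpoint
            cur.c2.append((m.group(1), int(m.group(2))))
        else:
            cur.strings.append(line)
    return configs


def mutex_of(cfg: FamilyConfig):
    """Heuristic: the AsyncRAT-style mutex is the unlabelled string containing 'Mutex'."""
    return next((s for s in cfg.strings if "mutex" in s.lower()), None)


def suricata_rules(configs, sid_start: int = 9000001) -> list:
    """One outbound-connection rule per C2 endpoint; SIDs are a local assumption."""
    rules, sid = [], sid_start
    for cfg in configs:
        for ip, port in cfg.c2:
            rules.append(
                f'alert tcp $HOME_NET any -> {ip} {port} '
                f'(msg:"{cfg.family} C2 from sandbox report"; '
                f'flow:to_server,established; sid:{sid}; rev:1;)')
            sid += 1
    return rules


if __name__ == "__main__":
    cfgs = parse_report(REPORT_CONFIG)
    for cfg in cfgs:
        print(cfg.family, cfg.c2, cfg.fields, "mutex:", mutex_of(cfg))
    print("\n".join(suricata_rules(cfgs)))
```

The IP:port rules are cheap to deploy but short-lived, since C2 infrastructure rotates; the mutex name and the "install: false / install_folder: %AppData%" settings are the more durable host-side artifacts to hunt for alongside the Run-key persistence listed in the signatures.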
Targets
Target: 5b2092534b5f257e161e81e7768f50d625f5400fda62e8e1eb887ed4c943007b (same file as in General above)
- Detects Smokeloader packer
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext