General
-
Target
2aea0c520d7c2d6dcb469847255c9a643c1ac8836af561f9086ffe21ef07780d
-
Size
196KB
-
Sample
220924-2xh99adfdq
-
MD5
413271b4d8bb6031aa8912ddc0f89b22
-
SHA1
d29cbb70ad00832626657ecd3ab33cdc08bba8a9
-
SHA256
2aea0c520d7c2d6dcb469847255c9a643c1ac8836af561f9086ffe21ef07780d
-
SHA512
e972776a6d8243385fb6db4e64eb9dce7f7715c275de414afe73e65cbd2537272918d3b8266e1b7fb8df219ceab5f0a12b5cdbb8be32b29debdcbbf4e59a86ce
-
SSDEEP
3072:UTlsoSXLLfgM96N5Y2HwHzZLcZyNoaCXPTiUIxBy/V/PkkXx:QILL39rvZL167Xrt/
Static task
static1
Behavioral task
behavioral1
Sample
2aea0c520d7c2d6dcb469847255c9a643c1ac8836af561f9086ffe21ef07780d.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
danabot
-
embedded_hash
6618C163D57D6441FCCA65D86C4D380D
-
type
loader
Targets
-
Target
2aea0c520d7c2d6dcb469847255c9a643c1ac8836af561f9086ffe21ef07780d
-
Score
10/10
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-