General
-
Target
8ddbab254ff9681c839f2009b0359638a3987875620ae6fb117f3fc03b364419
-
Size
197KB
-
Sample
220924-k42xhacccp
-
MD5
32ac7d938ce49380bffed36312dcc45f
-
SHA1
e1ca9d30ca8514ee542a22c94be0e12b0b7ffd33
-
SHA256
8ddbab254ff9681c839f2009b0359638a3987875620ae6fb117f3fc03b364419
-
SHA512
aeb143bb539281d1bb7dfdeee1780f9942405d0e782a74b7904034256b3ffdc4dd14ccdeb5aa3be6b3c516c2ef39ad6228778154641e5838ca11b33533610c0b
-
SSDEEP
3072:jV/43XLawpFtxE+c85nO199kuDnbiBEZfkk7qD1AXe8uVBYo6/PkF4x:jOLaEtxE+ZO1bku6ykkc1uJJo
Static task
static1
Behavioral task
behavioral1
Sample
8ddbab254ff9681c839f2009b0359638a3987875620ae6fb117f3fc03b364419.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
danabot
198.15.112.179:443
185.62.56.245:443
153.92.223.225:443
192.119.70.159:443
-
embedded_hash
6618C163D57D6441FCCA65D86C4D380D
-
type
loader
Targets
Score
10/10
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-