General
-
Target
682ee9d6604ddbc0b6dfdaa7c267624ab7b8a269aa26b50af08bfc69ba9523cc
-
Size
196KB
-
Sample
220924-lv46yabab8
-
MD5
19770b03d1c191ccd5a67cc90894376a
-
SHA1
2c96d543ad29665a440fde4b0d11aa1da0787db2
-
SHA256
682ee9d6604ddbc0b6dfdaa7c267624ab7b8a269aa26b50af08bfc69ba9523cc
-
SHA512
e2f0a84dd198a7eb6087640a080b1be77bada2c35c84c04f2f6a95f27814431eac63847d436b81e91fb20bb8ef95ecccd08637cdf564da707d786bd22788076a
-
SSDEEP
3072:cmR1L/O3DVH85ldAY2d53utSqpElXZ5BrXjG/PkF4x:3LiDVSdyd53utS2qZ/X
Static task
static1
Behavioral task
behavioral1
Sample
682ee9d6604ddbc0b6dfdaa7c267624ab7b8a269aa26b50af08bfc69ba9523cc.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
danabot
-
embedded_hash
6618C163D57D6441FCCA65D86C4D380D
-
type
loader
Targets
-
-
Target
682ee9d6604ddbc0b6dfdaa7c267624ab7b8a269aa26b50af08bfc69ba9523cc
-
Score
10/10
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-