General
-
Target
ab6a74f5b0daf33e260e11603149b6916b18bd228d5e3a65a02414bde35f8110
-
Size
197KB
-
Sample
220924-rr5k7acgbq
-
MD5
9eda1d1bd37cb31baa7a2b59267a1532
-
SHA1
9905a1c1e09cb734f533334d11d9249f2543851e
-
SHA256
ab6a74f5b0daf33e260e11603149b6916b18bd228d5e3a65a02414bde35f8110
-
SHA512
00b10797660b5fc828f409aacb50dbff8a3887e9936a827c301f370d83875338ff6c7832aeba7f1abe29216c58004d68ecc0b2a19954899377869a9a0f6fd039
-
SSDEEP
3072:7Jd88LvAjM+b5Sn0FO/QnSHAbohxGBq5YbJB/rI/Pkk4x:A8LUMN04/S6GohwAYbH
Static task
static1
Behavioral task
behavioral1
Sample
ab6a74f5b0daf33e260e11603149b6916b18bd228d5e3a65a02414bde35f8110.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
danabot
-
embedded_hash
6618C163D57D6441FCCA65D86C4D380D
-
type
loader
Targets
-
-
Target
ab6a74f5b0daf33e260e11603149b6916b18bd228d5e3a65a02414bde35f8110
-
Score
10/10
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-