General
-
Target
f8c008d4c9d06acfc86549c9979843fd23c80cabd3858184ed1421d8ac40005c
-
Size
196KB
-
Sample
220924-wztk4sbgc3
-
MD5
8c779e387d0252daa6cd4fd0f9325e20
-
SHA1
2bed7c5c6c25e35b0594426bf6a5d4914cf2731e
-
SHA256
f8c008d4c9d06acfc86549c9979843fd23c80cabd3858184ed1421d8ac40005c
-
SHA512
1fe1495cbecb2664184e9e18017f783fd523450dbeccecd42ff9ce9f1f1648aeed2a67e481ed02c306e5ede4c0c667029d1ab87e96ebd4912da7841aa5c804dc
-
SSDEEP
3072:ippQIKLYJRd7A5zIldWOM2PJ39Tq6vPGJvxZD36lDB85IA/YO/V3/PkkXx:NLSd6wJ9TfveJ5ZDO2L/j
Static task
static1
Behavioral task
behavioral1
Sample
f8c008d4c9d06acfc86549c9979843fd23c80cabd3858184ed1421d8ac40005c.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
danabot
-
embedded_hash
6618C163D57D6441FCCA65D86C4D380D
-
type
loader
Targets
-
-
Target
f8c008d4c9d06acfc86549c9979843fd23c80cabd3858184ed1421d8ac40005c
Score
10/10
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-