General
Target: 1d93a0ed3ada10f0c36024e54df1dd9fb39aca60bde33ad4d4083a97e0ffbd0c
Size: 176KB
Sample: 220925-2gpr4agda3
MD5: a5b766226b5cdf1f103343d4441e731f
SHA1: d45fcec6e97efeba58f1834f42b04282a0ea03de
SHA256: 1d93a0ed3ada10f0c36024e54df1dd9fb39aca60bde33ad4d4083a97e0ffbd0c
SHA512: f0cf5b9840523def4311922130337cbac305c75627b27509f13668253739e7b767fa4958c14d3d91c318f5aa70abc1ff37fb1c2183c3960600bedb6f406da3a0
SSDEEP: 3072:JZMoSzht18z5L+2dJzIcVCjG4rGRHOP/y4RnFB8HkCt5x:iAd+VLrGZOnxW
Static task: static1
Malware Config
Extracted family: danabot
C2:
- 198.15.112.179:443
- 185.62.56.245:443
- 153.92.223.225:443
- 192.119.70.159:443
embedded_hash: 6618C163D57D6441FCCA65D86C4D380D
type: loader
Targets
Target: 1d93a0ed3ada10f0c36024e54df1dd9fb39aca60bde33ad4d4083a97e0ffbd0c
Size: 176KB
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.