General
-
Target
file.exe
-
Size
197KB
-
Sample
220925-bqnchscff2
-
MD5
c0c84e5c6c1b09b5a987bff067aa29dd
-
SHA1
d258b9984f0e13434d1cb337b8d9f53d5e29b4b3
-
SHA256
b042f121f497e12dec719011bcfac3357f662d8412c1960d3599293eb0051543
-
SHA512
e1c82276d5fc42a905aca9dbcdc03be434b9f418fa6457588ed0f9442d6dd56aabf66a02f54cfb219cb518e8a5d00149e354406c9e7ede74f80c387d3fa8a313
-
SSDEEP
3072:fbcAgLgJLGA4N5fi2x7iZin/RoJT3sYlBnnE8T/PkkXx:ILo5OLxmZM/RoJT8C
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
danabot
198.15.112.179:443
185.62.56.245:443
153.92.223.225:443
192.119.70.159:443
-
embedded_hash
6618C163D57D6441FCCA65D86C4D380D
-
type
loader
Targets
-
-
Target
file.exe
-
Score
10/10
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-