General
-
Target
a37e084f55d135b0fd94c67f9d7c4210a1f4d053229bfa150cdbd15027b07cac
-
Size
197KB
-
Sample
220925-cjzmmsebcm
-
MD5
4bca1e2d0639911354e617d87409d1c5
-
SHA1
0194b6e063e6a3732a5d2ecd1af070b7b659c552
-
SHA256
a37e084f55d135b0fd94c67f9d7c4210a1f4d053229bfa150cdbd15027b07cac
-
SHA512
c4bb65719b6d36ff1676b6272e758c7491024e94b35545ddb7e70a99432e8a72b7e135fb5f09acaeff5ed926fb67c7145195a9b07eb125171f2ea763bcdd6ca7
-
SSDEEP
3072:KjIsMEcLfZ4UFrSN55wyIsIgUGOtQbAMtGX5I9jPv1LoBtFKQ/PkkXx:zrLflFr3yIsIuk/Mu5MPdcF
Static task
static1
Behavioral task
behavioral1
Sample
a37e084f55d135b0fd94c67f9d7c4210a1f4d053229bfa150cdbd15027b07cac.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
danabot
-
embedded_hash
6618C163D57D6441FCCA65D86C4D380D
-
type
loader
Targets
-
-
Target
a37e084f55d135b0fd94c67f9d7c4210a1f4d053229bfa150cdbd15027b07cac
Score
10/10
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-