General
Target: 55a5025f31a050c752f4f6bea272075b1850bc46b517ca9aa8a959d0b7bc26bb
Size: 203KB
Sample: 220925-qnwnfagabr
MD5: 4e0a1965b87ba335d8756d392ec0e9c9
SHA1: a44bb763bc14b1f03d7234f9fcca59aa084f3ffc
SHA256: 55a5025f31a050c752f4f6bea272075b1850bc46b517ca9aa8a959d0b7bc26bb
SHA512: e2ea43244099b62d315a71fb51c6a38a355bbe3f9893b2aac0b46a061969dc2eeaac6bc85f8d22b57b2d95e6a027ec9b1406f0ce6022c87236ebef5b328ee53f
SSDEEP: 3072:scR2Qez9iLj5Ijse+NyyktN3MOdzgtBOTX/PkxXx:97ily2/f
Static task: static1
Malware Config
Extracted family: danabot
C2 addresses:
- 198.15.112.179:443
- 185.62.56.245:443
- 153.92.223.225:443
- 192.119.70.159:443
embedded_hash: 6618C163D57D6441FCCA65D86C4D380D
type: loader
Targets
Target: 55a5025f31a050c752f4f6bea272075b1850bc46b517ca9aa8a959d0b7bc26bb
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext