General

Target: 6749a02443daa42c1bc76ae28d2560c8d376a3a9b958c0b8c56f51c4cb123d81
Size: 201KB
Sample: 220925-tx3pwsgehl
MD5: 54bd3c032349b5b8e6b574c705927a01
SHA1: e5ce19e5f50063355a0ebc8381b4bbf2cce1de39
SHA256: 6749a02443daa42c1bc76ae28d2560c8d376a3a9b958c0b8c56f51c4cb123d81
SHA512: 14592d79e4ddb8de0c0ab1b6e151fb56299eb7899c238b4e8baeaaea29155aad52b79fb52157bee513a3327081a5b8a2fbadbb0b5535c9d529dbbc59a5a13b57
SSDEEP: 3072:74bTf1uLEz5QQg/RDltA6/e3AxNzbYbOAB0rao3n/PkuXx:9rQkD73mEzeq3
Static task: static1
Malware Config

Extracted family: danabot
type: loader
embedded_hash: 6618C163D57D6441FCCA65D86C4D380D

C2 endpoints as extracted:
198.15.112.179:443
185.62.56.245:443
153.92.223.225:443
192.119.70.159:443
49.0.50.0:57
51.0.52.0:0
53.0.54.0:1200
55.0.56.0:65535

Only the first four entries look like real C2 endpoints (routable addresses, TCP 443). The last four have the shape of extractor noise rather than configuration: each "address" is two ASCII digits interleaved with NUL bytes (0x31 0x00 0x32 0x00 for 49.0.50.0, and so on), which is what a UTF-16LE digit string looks like when read as IPv4 octets, and two of the ports (0 and 65535) are implausible for a real listener. Validate these before they go into a blocklist or detection rule.
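The sanity check described above, as an added example that is not part of the original report or of any Triage or DanaBot tooling: it reads the extracted C2 list, separates usable endpoints from entries whose octets decode as UTF-16LE text or that carry an impossible port, and emits one outbound-connection Suricata rule per usable endpoint. The sample input is a constructed copy of the list above; the SID base and the rule message text are assumptions, not anything the report provides.

```python
import ipaddress
import re

# Constructed copy of the "Malware Config / Extracted" C2 list from this report.
EXTRACTED_C2 = """\
198.15.112.179:443
185.62.56.245:443
153.92.223.225:443
192.119.70.159:443
49.0.50.0:57
51.0.52.0:0
53.0.54.0:1200
55.0.56.0:65535
"""

ENDPOINT_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")

# Assumed local SID base for generated rules; use your own reserved range.
SID_BASE = 9000001


def utf16_text_from_octets(ip: str):
    """If the four octets are bytes of UTF-16LE text (printable ASCII at even
    offsets, NUL at odd offsets), return the decoded text, otherwise None.
    Caller must have validated the octets (each 0..255) already."""
    octets = bytes(int(o) for o in ip.split("."))
    if octets[1] == 0 and octets[3] == 0 and all(0x20 <= b < 0x7F for b in octets[0::2]):
        return octets.decode("utf-16-le")
    return None


def triage_endpoint(raw: str) -> dict:
    """Classify one 'ip:port' line as a usable IOC ('ok') or as 'noise'."""
    raw = raw.strip()
    m = ENDPOINT_RE.match(raw)
    if not m:
        return {"endpoint": raw, "status": "noise", "reasons": ["not ip:port"], "decoded": None}
    ip_s, port_s = m.groups()
    try:
        ip = ipaddress.IPv4Address(ip_s)
    except ValueError:
        return {"endpoint": raw, "status": "noise", "reasons": ["malformed IPv4"], "decoded": None}
    reasons = []
    if (ip.is_private or ip.is_loopback or ip.is_reserved or ip.is_multicast
            or ip.is_unspecified or ip.is_link_local):
        reasons.append("non-routable address")
    port = int(port_s)
    if port == 0 or port > 65535:
        reasons.append("port out of range")
    decoded = utf16_text_from_octets(ip_s)
    if decoded is not None:
        reasons.append("octets decode as UTF-16LE text")
    return {
        "endpoint": f"{ip_s}:{port}",
        "status": "ok" if not reasons else "noise",
        "reasons": reasons,
        "decoded": decoded,
    }


def triage_config(text: str) -> list:
    """Triage every non-empty line of an extracted C2 list."""
    return [triage_endpoint(line) for line in text.splitlines() if line.strip()]


def suricata_rules(rows, sid_base=SID_BASE) -> list:
    """One outbound TCP alert per usable endpoint (rule text is an assumption)."""
    rules = []
    usable = [row for row in rows if row["status"] == "ok"]
    for i, row in enumerate(usable):
        ip, port = row["endpoint"].rsplit(":", 1)
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"DanaBot C2 {ip}:{port} (sandbox-extracted)"; '
            f'flow:to_server; sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    rows = triage_config(EXTRACTED_C2)
    for r in rows:
        extra = f" decoded={r['decoded']!r}" if r["decoded"] else ""
        print(f"{r['status']:5} {r['endpoint']:22} {', '.join(r['reasons'])}{extra}")
    print()
    print("\n".join(suricata_rules(rows)))
```

The UTF-16 check is deliberately narrow (two printable characters, two NULs) so that it only fires on the byte pattern seen in this report; a real endpoint such as 65.0.66.0 would also match it, so treat a "noise" verdict as a prompt to look at the bytes, not as proof.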
Targets

Target: 6749a02443daa42c1bc76ae28d2560c8d376a3a9b958c0b8c56f51c4cb123d81
Size: 201KB
MD5: 54bd3c032349b5b8e6b574c705927a01
SHA1: e5ce19e5f50063355a0ebc8381b4bbf2cce1de39
SHA256: 6749a02443daa42c1bc76ae28d2560c8d376a3a9b958c0b8c56f51c4cb123d81
SHA512: 14592d79e4ddb8de0c0ab1b6e151fb56299eb7899c238b4e8baeaaea29155aad52b79fb52157bee513a3327081a5b8a2fbadbb0b5535c9d529dbbc59a5a13b57
SSDEEP: 3072:74bTf1uLEz5QQg/RDltA6/e3AxNzbYbOAB0rao3n/PkuXx:9rQkD73mEzeq3
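Before working from this report, confirm that the file you obtained is the one it describes. The following is an added example, not code from the report or from Triage: it streams a file once, computes all four digests listed above in that single pass, and compares them with the reported values (the SSDEEP hash needs a third-party library and is left out). The reported digests are transcribed from this page; the file path is whatever you pass on the command line.

```python
import hashlib
from typing import Dict, Iterable

# Digests transcribed from this report. SHA256 is the canonical identifier;
# MD5 and SHA1 are kept only for cross-referencing other feeds.
REPORTED = {
    "md5": "54bd3c032349b5b8e6b574c705927a01",
    "sha1": "e5ce19e5f50063355a0ebc8381b4bbf2cce1de39",
    "sha256": "6749a02443daa42c1bc76ae28d2560c8d376a3a9b958c0b8c56f51c4cb123d81",
    "sha512": "14592d79e4ddb8de0c0ab1b6e151fb56299eb7899c238b4e8baeaaea29155aad"
              "52b79fb52157bee513a3327081a5b8a2fbadbb0b5535c9d529dbbc59a5a13b57",
}


def multi_digest(chunks: Iterable[bytes],
                 algos=("md5", "sha1", "sha256", "sha512")) -> Dict[str, str]:
    """Feed every chunk to every hash object so the data is read only once."""
    hashes = {a: hashlib.new(a) for a in algos}
    for chunk in chunks:
        for h in hashes.values():
            h.update(chunk)
    return {a: h.hexdigest() for a, h in hashes.items()}


def file_chunks(path: str, size: int = 1 << 20):
    """Yield a file in fixed-size binary chunks (1 MiB by default)."""
    with open(path, "rb") as f:
        while True:
            block = f.read(size)
            if not block:
                return
            yield block


def verify(actual: Dict[str, str], reported: Dict[str, str]) -> Dict[str, bool]:
    """Case-insensitive match per algorithm present in both dictionaries."""
    return {a: actual[a].lower() == reported[a].lower() for a in reported if a in actual}


if __name__ == "__main__":
    import sys
    digests = multi_digest(file_chunks(sys.argv[1]))
    for algo, ok in verify(digests, REPORTED).items():
        print(f"{algo:6} {'match' if ok else 'MISMATCH'} {digests[algo]}")
```

A mismatch on every algorithm usually means a different file (a re-packed variant or a wrapper such as a ZIP); a mismatch on one algorithm only means a transcription error in one of the reported values.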
Signatures

Detects Smokeloader packer
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext

The packer signature (Smokeloader) and the extracted configuration (danabot, type loader) are separate findings and do not contradict each other: the static task identified the packing layer, the config extractor identified the payload inside it. The remaining behaviours are consistent with a loader: it fetches and runs a further PE, and SetThreadContext on another thread is a common step in process injection. The wallet-file access and software enumeration are worth checking in the full behavioural log rather than taken from the signature names alone.