General
-
Target
c62d284db43e352822e5a2d6797cb428.exe
-
Size
202KB
-
Sample
220925-v1zyvaggep
-
MD5
c62d284db43e352822e5a2d6797cb428
-
SHA1
4a779d48ce8b9bf36abe07e97ba9f528e3034173
-
SHA256
13261464a2785a52184519ec0992d79b19fba7e6ea7b625324b3881ff18e6ada
-
SHA512
5f33ea8b328a88f71265a77eec0b2b276ff2e03a1012b50eb2d4c74a2b099389576d66b9244b474cb0690ab22a2fccf4421be5c0962f4a3ffa65462b96e84a8f
-
SSDEEP
3072:Rv53m1olVj58l0wNZDae8kQxckj4S0ucJBFnPcKo1/PkxXx:R4l0wNZDaw8N/0dPc7
Static task
static1
Behavioral task
behavioral1
Sample
c62d284db43e352822e5a2d6797cb428.exe
Resource
win7-20220812-en
Malware Config
Extracted
danabot
-
embedded_hash
6618C163D57D6441FCCA65D86C4D380D
-
type
loader
Targets
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-