General
-
Target
file.exe
-
Size
202KB
-
Sample
220925-xnm5mahacp
-
MD5
74c2afe7354b559bf2c8ed20e5cf7068
-
SHA1
67bc39fa3668c6eb726635e6506d0b5050d69b7a
-
SHA256
37d782a8cc1be5558cb62e686b5d460313167ac6bd84b78f6496e8d8c0454806
-
SHA512
3267e00b887934c1cefb135b721a38448038bc54d77aba3d48ace8598a9e5598ba17bdaad24ece0986eaded405a174e570ca4d17b191e3720f3d12196ac040c0
-
SSDEEP
3072:B6/BG+bEGIPEz5xmspUd+dnox4VXKgBeV8xIhd2/Pku5x:Qn4BSNZ8V8xIh
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Malware Config
Extracted
danabot
198.15.112.179:443
185.62.56.245:443
153.92.223.225:443
192.119.70.159:443
-
embedded_hash
6618C163D57D6441FCCA65D86C4D380D
-
type
loader
Targets
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-