General
- Target: cbb6e9b89510799592de2d5b627e3761b8ead87434fdc94e145bc29d09c8d84e
- Size: 176KB
- Sample: 220925-ykh7yahbbk
- MD5: d15f1360ec21568253bb5fd462b017b5
- SHA1: f30c3f9f18da4b378357ad787b30d16081b25ed5
- SHA256: cbb6e9b89510799592de2d5b627e3761b8ead87434fdc94e145bc29d09c8d84e
- SHA512: 325274cfa008112035aa77618bd693c372f6bf6178e8d69a8817d59944e3e8b8db743a7d8dccdfba9f953e8f42daae6be118a8f9e5b24431192171bd3736dfd1
- SSDEEP: 3072:3TUhKIaBDOzzz5AnuKNNORTVzfY8+yMiK69belBs19hMqs5x:QdLK6z/+yMqn3t
Static task: static1
Malware Config
Extracted family: danabot
- C2 addresses:
  - 198.15.112.179:443
  - 185.62.56.245:443
  - 153.92.223.225:443
  - 192.119.70.159:443
- embedded_hash: 6618C163D57D6441FCCA65D86C4D380D
- type: loader
Targets
- Target: cbb6e9b89510799592de2d5b627e3761b8ead87434fdc94e145bc29d09c8d84e (176KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.