General
- Target: b7f793a3ef20202da451e2fc7e9db1e2f5a37dca84af230e9aa7aa5b9e6ba548
- Size: 176KB
- Sample: 220925-zq4aqshcfq
- MD5: 0139b68019c327e7f712c816e27176b7
- SHA1: c465c713b4ebdd008535a4bc3dbf80a9a6ee8827
- SHA256: b7f793a3ef20202da451e2fc7e9db1e2f5a37dca84af230e9aa7aa5b9e6ba548
- SHA512: c0e4618b674327d1cdaa588c7dd85780319ef66298ad0fd0ae3a86fa28b8720474b7603cf6023151f5cac2abf8b3f08d964b491fe16da7b4b493d8377eae8dee
- SSDEEP: 3072:Snu2sTq9zz5Hqa0hQGww1wAwxGmXBducAud5x:+i9u6wQcnA

Static task
- static1

Malware Config
Extracted
- danabot
  - 198.15.112.179:443
  - 185.62.56.245:443
  - 153.92.223.225:443
  - 192.119.70.159:443
- embedded_hash: 6618C163D57D6441FCCA65D86C4D380D
- type: loader
Targets
- Target: b7f793a3ef20202da451e2fc7e9db1e2f5a37dca84af230e9aa7aa5b9e6ba548
- Size: 176KB

Signatures
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.