General
Target: ec0d24bab22b1580e26dbbf6229b4aa9718b60604cece4d7e1c83c12fd65d37d
Size: 153KB
Sample: 220926-pe43saagb4
MD5: b9c560eb3782653f78125040dbe63790
SHA1: d0bc58cb70f94a761ac45c6c982beae18f6b07b7
SHA256: ec0d24bab22b1580e26dbbf6229b4aa9718b60604cece4d7e1c83c12fd65d37d
SHA512: 129ab350e9316cf68d44c0ea4a1a513e6ccdb86f3da19b1081b40444342ca6cc60b356c7e8ad7f92f97ac4c5146e8f489cdf8bf7e88c27e228ab61bb513040d1
SSDEEP: 3072:Ws7eCz5xhqcYOygRfHjp50Gs293AVBC+m5B:VhoOHRLf0hp
Static task
static1

Malware Config

Extracted: danabot
C2:
198.15.112.179:443
185.62.56.245:443
153.92.223.225:443
192.119.70.159:443
embedded_hash: 6618C163D57D6441FCCA65D86C4D380D
type: loader

Extracted: systembc
C2:
141.98.82.229:4001
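The extracted Danabot and SystemBC endpoints and the sample hashes above are the report's actionable indicators. The following is an added example, not part of the sandbox report and not code belonging to either malware family: a small matcher that looks those indicators up in a connection log and in a hash listing. The CSV column layout, the log rows, the hash listing and the file paths are all constructed for illustration; the decoy destination 203.0.113.10 is a documentation address.

```python
import csv
import io

# Indicators copied from the extracted configs above: family -> "ip:port" endpoints.
C2_BY_FAMILY = {
    "danabot": {
        "198.15.112.179:443",
        "185.62.56.245:443",
        "153.92.223.225:443",
        "192.119.70.159:443",
    },
    "systembc": {"141.98.82.229:4001"},
}

# Two reverse indexes: exact endpoint -> family, and bare IP -> family.
ENDPOINT_TO_FAMILY = {ep: fam for fam, eps in C2_BY_FAMILY.items() for ep in eps}
IP_TO_FAMILY = {ep.split(":")[0]: fam for ep, fam in ENDPOINT_TO_FAMILY.items()}

# File hashes of the analysed sample from the report, lowercase hex.
SAMPLE_HASHES = {
    "md5": "b9c560eb3782653f78125040dbe63790",
    "sha1": "d0bc58cb70f94a761ac45c6c982beae18f6b07b7",
    "sha256": "ec0d24bab22b1580e26dbbf6229b4aa9718b60604cece4d7e1c83c12fd65d37d",
}
KNOWN_HASHES = set(SAMPLE_HASHES.values())

# Constructed connection log.  The CSV column layout is an assumption made for
# this example, not any vendor's real export format.
CONSTRUCTED_CONN_LOG = """\
ts,src_ip,dst_ip,dst_port,proto
2022-09-26T10:01:02Z,10.0.0.15,198.15.112.179,443,tcp
2022-09-26T10:01:03Z,10.0.0.15,203.0.113.10,443,tcp
2022-09-26T10:01:09Z,10.0.0.15,141.98.82.229,4001,tcp
2022-09-26T10:02:11Z,10.0.0.22,141.98.82.229,443,tcp
2022-09-26T10:02:15Z,10.0.0.15,185.62.56.245,8443,tcp
"""

# Constructed hash listing in md5sum/sha1sum/sha256sum output shape.  The first
# digest is uppercase on purpose: many tools emit uppercase hex, so a matcher
# that does not normalise case silently misses the sample.
CONSTRUCTED_HASH_LISTING = """\
EC0D24BAB22B1580E26DBBF6229B4AA9718B60604CECE4D7E1C83C12FD65D37D  C:\\Users\\user\\Downloads\\setup.exe
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  C:\\Windows\\Temp\\empty.tmp
d0bc58cb70f94a761ac45c6c982beae18f6b07b7  C:\\ProgramData\\svc.exe
"""


def match_c2(csv_text, ip_only=False):
    """Return (ts, src_ip, dst_endpoint, family) for rows that reach a listed C2.

    Exact ip:port matching is the default because the extracted config gives
    both.  ip_only=True flags any port on a listed IP: it follows a C2 that
    moves port, at the cost of more false positives if the host is shared.
    """
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        endpoint = f"{row['dst_ip']}:{row['dst_port']}"
        family = ENDPOINT_TO_FAMILY.get(endpoint)
        if family is None and ip_only:
            family = IP_TO_FAMILY.get(row["dst_ip"])
        if family is not None:
            hits.append((row["ts"], row["src_ip"], endpoint, family))
    return hits


def match_hashes(listing):
    """Return (path, algorithm) for each '<hex>  <path>' line matching the sample.

    The digest is lowercased before lookup and the algorithm is inferred from
    its length, so one listing may mix md5, sha1 and sha256 lines.
    """
    length_to_algo = {32: "md5", 40: "sha1", 64: "sha256"}
    hits = []
    for line in listing.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # blank or malformed line: skip rather than abort the scan
        digest, path = parts[0].lower(), parts[1].strip()
        if digest in KNOWN_HASHES:
            hits.append((path, length_to_algo.get(len(digest), "unknown")))
    return hits


if __name__ == "__main__":
    for hit in match_c2(CONSTRUCTED_CONN_LOG):
        print("C2 hit (exact):", *hit)
    for hit in match_c2(CONSTRUCTED_CONN_LOG, ip_only=True):
        print("C2 hit (any port):", *hit)
    for hit in match_hashes(CONSTRUCTED_HASH_LISTING):
        print("hash hit:", *hit)
```

Run against the constructed log, the exact matcher flags the two rows that hit 198.15.112.179:443 and 141.98.82.229:4001; switching to ip_only also flags the 141.98.82.229:443 and 185.62.56.245:8443 rows, which is the trade-off to weigh before deploying the wider rule.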
Targets

Target: ec0d24bab22b1580e26dbbf6229b4aa9718b60604cece4d7e1c83c12fd65d37d
Size: 153KB
MD5: b9c560eb3782653f78125040dbe63790
SHA1: d0bc58cb70f94a761ac45c6c982beae18f6b07b7
SHA256: ec0d24bab22b1580e26dbbf6229b4aa9718b60604cece4d7e1c83c12fd65d37d
SHA512: 129ab350e9316cf68d44c0ea4a1a513e6ccdb86f3da19b1081b40444342ca6cc60b356c7e8ad7f92f97ac4c5146e8f489cdf8bf7e88c27e228ab61bb513040d1
SSDEEP: 3072:Ws7eCz5xhqcYOygRfHjp50Gs293AVBC+m5B:VhoOHRLf0hp
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its Wow6432Node counterpart and the HKCU equivalent) to enumerate software on the system.