General
- Target: file.exe
- Size: 153KB
- Sample: 220926-qc7xbscafk
- MD5: 7d53fa419ac8d29b79078ca0c4bb85c6
- SHA1: e051e6cf509d78cad4337ee84b1f4ffaa0c3ac8b
- SHA256: bc1c19fb9559d3e0f6ede05232c6f72d8306f8858f740bf9a8dd768c0cba92de
- SHA512: 9232370c1f86cfae4c67b545c3a61374381d67bfa97ca64ee0bb9bc4b53f9de3c33ef0fcef012998fdde482c0ab5a7e52a55d0d32787c44a9f388a294929ce53
- SSDEEP: 1536:VTcMoYs1izSP44tTF5YuMdb47ZPaEF1J3IcP9WlY9aRFucLyOGgxjYj1Ei/UunL2:VTSzTF5eb079pUx3TylgGBtJ+/aK5B
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20220812-en
Malware Config
Extracted
danabot
198.15.112.179:443
185.62.56.245:443
153.92.223.225:443
192.119.70.159:443
49.0.50.0:57
51.0.52.0:0
53.0.54.0:1200
55.0.56.0:65535
Extractor caveat: the last four entries are not real endpoints. Their octets (31 00 32 00, 33 00 34 00, 35 00 36 00, 37 00 38 00) are the little-endian UTF-16 encoding of the digits "12", "34", "56", "78", i.e. consecutive 4-byte slices of a digit string that the config parser has read as IPv4 addresses, and the ports 57, 0, 1200 and 65535 bear no resemblance to the 443 used by the genuine entries. Do not block or hunt on them; the usable danabot C2 set is the four 443 endpoints above.
- embedded_hash: 6618C163D57D6441FCCA65D86C4D380D
- type: loader
Extracted
systembc
141.98.82.229:4001
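Automated config extraction regularly emits records like the 49.0.50.0 to 55.0.56.0 lines above, so the extracted list is worth checking before it becomes an IOC feed. The following Python is an added example, not code from the sandbox or from any config extractor: it re-parses the Extracted block (copied here as a constructed string), flags endpoints whose four octets decode to printable ASCII when read as UTF-16LE, discards port 0, marks non-routable addresses for manual review, and returns the remaining endpoints as usable IOCs. The verdict labels and the "printable ASCII" heuristic are choices made for this example; a genuine C2 of the form A.0.B.0 would also trip it, which is acceptable for a triage filter but should be remembered.

```python
"""Sanity-check the C2 endpoints an automated config extractor emitted.

Added example for this report, not code from the sandbox or any extractor.
It separates usable IOCs from records whose "IP" octets are really UTF-16LE
text, the pattern behind the 49.0.50.0 .. 55.0.56.0 lines. The verdict
labels and thresholds are assumptions made for the example.
"""
import ipaddress
import re

# Constructed copy of the Extracted block in this report: a family label,
# then its host:port lines, repeated per family.
EXTRACTED = """\
danabot
198.15.112.179:443
185.62.56.245:443
153.92.223.225:443
192.119.70.159:443
49.0.50.0:57
51.0.52.0:0
53.0.54.0:1200
55.0.56.0:65535
systembc
141.98.82.229:4001
"""

HOSTPORT_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_extracted(text):
    """Group host:port lines under the family label that precedes them."""
    families = {}
    family = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = HOSTPORT_RE.match(line)
        if match is None:            # any non host:port line is a family label
            family = line
            families.setdefault(family, [])
            continue
        if family is None:
            raise ValueError(f"host:port line before any family label: {line}")
        families[family].append((match.group(1), int(match.group(2))))
    return families


def octets_as_utf16le(ip):
    """Decode the four octets as UTF-16LE; return the text if it is printable ASCII, else None."""
    raw = bytes(int(o) for o in ip.split("."))
    text = raw.decode("utf-16-le", errors="replace")
    return text if text.isascii() and text.isprintable() else None


def classify(ip, port):
    """Return (verdict, reason) for one extracted endpoint.

    verdict is "artifact" (discard), "suspect" (review by hand) or "c2" (usable IOC).
    """
    addr = ipaddress.ip_address(ip)
    text = octets_as_utf16le(ip)
    if text is not None:
        return "artifact", f"octets decode as UTF-16LE {text!r}"
    if port == 0:
        return "artifact", "port 0 is not a listening port"
    if not addr.is_global:
        return "suspect", "address is not globally routable"
    return "c2", "routable address with a plausible port"


def review(text):
    """Return [(family, ip, port, verdict, reason), ...] for every extracted endpoint."""
    rows = []
    for family, endpoints in parse_extracted(text).items():
        for ip, port in endpoints:
            verdict, reason = classify(ip, port)
            rows.append((family, ip, port, verdict, reason))
    return rows


def usable_iocs(text):
    """Only the endpoints worth blocking or hunting on, as 'family ip:port' strings."""
    return [f"{fam} {ip}:{port}" for fam, ip, port, verdict, _ in review(text) if verdict == "c2"]


if __name__ == "__main__":
    for row in review(EXTRACTED):
        print("{:<9} {:>15}:{:<5} {:<8} {}".format(*row))
```

Run against the block above, `usable_iocs` keeps the four danabot endpoints on 443 and the systembc endpoint on 4001 and drops the four UTF-16 records; the same parse-then-classify split lets the classifier be swapped for a stricter one (for example, requiring a port seen in the family's known configs) without touching the parser.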
Targets
- Target: file.exe (153KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, plus its WOW6432Node and HKCU counterparts) to enumerate the software installed on the system.