General
-
Target
193344e0b6658427a8082b787bf15d1ee97119418a21a27a2e0f3d0355013f74
-
Size
129KB
-
Sample
220926-w7x89scgfj
-
MD5
c8190e4806644bf2ac09a546941a15ee
-
SHA1
d4dc107c1e63f161a387423898b179c54ab45792
-
SHA256
193344e0b6658427a8082b787bf15d1ee97119418a21a27a2e0f3d0355013f74
-
SHA512
1c25ae85f7b295e743b81bb87f3247c363a25eab9a309675e7af1b1da6542cd17d1da2af5c3ac8364c086780465cd80f01e5eb3346b98942b7e1dae7a6f32d41
-
SSDEEP
3072:r33dTc5OUB42+1m+Pzj1eDpsI9jaEr5oH5B:jYqPMD6gri
Static task
static1
Malware Config
Extracted
danabot
198.15.112.179:443
185.62.56.245:443
153.92.223.225:443
192.119.70.159:443
-
embedded_hash
6618C163D57D6441FCCA65D86C4D380D
-
type
loader
Targets
-
-
Target
193344e0b6658427a8082b787bf15d1ee97119418a21a27a2e0f3d0355013f74
-
Size
129KB
-
MD5
c8190e4806644bf2ac09a546941a15ee
-
SHA1
d4dc107c1e63f161a387423898b179c54ab45792
-
SHA256
193344e0b6658427a8082b787bf15d1ee97119418a21a27a2e0f3d0355013f74
-
SHA512
1c25ae85f7b295e743b81bb87f3247c363a25eab9a309675e7af1b1da6542cd17d1da2af5c3ac8364c086780465cd80f01e5eb3346b98942b7e1dae7a6f32d41
-
SSDEEP
3072:r33dTc5OUB42+1m+Pzj1eDpsI9jaEr5oH5B:jYqPMD6gri
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-