General
-
Target
f5ace266da78c8c6383d05c4f81641eef2ed88c51a17be557082470e6caf0fe9
-
Size
128KB
-
Sample
220927-clr1ksddhj
-
MD5
42ac4119614c6468647b605a6f6a47da
-
SHA1
c6538b1e2e90e5eece8cfc14d26385db840621f6
-
SHA256
f5ace266da78c8c6383d05c4f81641eef2ed88c51a17be557082470e6caf0fe9
-
SHA512
b4d624102ee740bb2b05620be04dc086b2fa1127aa8ac7838b238fe62f499b949df1d034783b2a4a49f4af3e4d3999b6c7ab5b2e7805f1b868a1008471d7709a
-
SSDEEP
1536:TeQAmsebDPqPXTI5ADRGxNZIhVV9nmid6cADwt/885I+UrxwJ8O9dtvI3+w6YJda:TeQA+PqTI5mRGLZ4VBGJ9wyO5AOFz5B
Static task
static1
Malware Config
Extracted
danabot
-
embedded_hash
6618C163D57D6441FCCA65D86C4D380D
-
type
loader
Targets
-
-
Target
f5ace266da78c8c6383d05c4f81641eef2ed88c51a17be557082470e6caf0fe9
-
Detects Smokeloader packer
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-