General
- Target: 67076dd399a7a1ba3f6218f67b6241100241d51c5d8b9d79bec7631db0fe3aff
- Size: 219KB
- Sample: 221024-258vwaahgn
- MD5: 826aa9234de38f7df9471a96123353f3
- SHA1: 45385e79156656d8e78002241afb6c54f34d3c00
- SHA256: 67076dd399a7a1ba3f6218f67b6241100241d51c5d8b9d79bec7631db0fe3aff
- SHA512: a62ba58c4de2e6a8e515e8a9f2271770a39ad9c9b35c2b593f85652aade60d2bc390ec5edf9053c437b79d1675fb03791d048c5ad06f432e673cb2b38b2d5456
- SSDEEP: 3072:+ln05dgYTAGSoLODwl625PJyIkn7Vwe82D/neLO2S4zxAc983Nwhh4X/Ts:+l00EL/lgn7VwexD/eAQxmShh

Static task
- static1

Malware Config

Extracted: danabot
- embedded_hash: 569235DCA8F16ED8310BBACCB674F896
- type: loader

Extracted: vidar
- 55.2
- 937
- https://t.me/slivetalks
- https://c.im/@xinibin420
- profile_id: 937
Targets
- Detects Smokeloader packer
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.