General

Target:   5A5529A6EBD6DA67F707B2E4822D2F2935B261A074B2F.exe  (the filename is the upper-cased, truncated SHA256 of the sample)
Size:     300KB
Sample:   221024-3bzwjsbaa2
MD5:      85eb63270ef16d4912d675f1076a380b
SHA1:     417e27c204a4aa5a7cef4e1156a278b2cd6ca798
SHA256:   5a5529a6ebd6da67f707b2e4822d2f2935b261a074b2fb482521c5889a982671
SHA512:   0696232fcf9d0287f241dd39efb57cd4aaf943bc0819805a834bf57f3a5319b7531ff400959086815f5d142fb4b49e4901739d0a0943c831cb91d7f03bef94e9
SSDEEP:   3072:AZXW4jAU1UbaFET2RDLuz3TbgbzHC0KdWRLfM/h3BsxkgaBChU/pZa9uD6Vdyhkk:QW4D+rz3qzHC08ITnigabwVf

Static task:      static1
Behavioral task:  behavioral1
  Sample:   5A5529A6EBD6DA67F707B2E4822D2F2935B261A074B2F.exe
  Resource: win7-20220812-en
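When a file turns up that may be this sample, the first triage step is to confirm its identity against the hashes above and check that it really is an MZ/PE image before it goes anywhere near a sandbox. The script below is an added example written for this page, not tooling from the sandbox vendor: it carries the report's four hashes as constants, hashes arbitrary bytes or a file on disk, and walks the DOS header to the `PE\0\0` signature. The sample bytes it builds are a constructed stub, so they deliberately do not match the report.

```python
import hashlib
import hmac
import struct

# Hashes copied from the report's General section; anything else in this file is constructed.
REPORT_IOCS = {
    "md5": "85eb63270ef16d4912d675f1076a380b",
    "sha1": "417e27c204a4aa5a7cef4e1156a278b2cd6ca798",
    "sha256": "5a5529a6ebd6da67f707b2e4822d2f2935b261a074b2fb482521c5889a982671",
    "sha512": (
        "0696232fcf9d0287f241dd39efb57cd4aaf943bc0819805a834bf57f3a5319b7"
        "531ff400959086815f5d142fb4b49e4901739d0a0943c831cb91d7f03bef94e9"
    ),
}
HASH_NAMES = ("md5", "sha1", "sha256", "sha512")


def compute_hashes(data: bytes) -> dict:
    """Return lower-case hex digests of `data` for every algorithm in HASH_NAMES."""
    return {name: hashlib.new(name, data).hexdigest() for name in HASH_NAMES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as compute_hashes but streams a file so large samples do not need to fit in memory."""
    hashers = {name: hashlib.new(name) for name in HASH_NAMES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_against_report(data: bytes, iocs: dict = REPORT_IOCS) -> dict:
    """Per-algorithm match flags. Constant-time compare is habit, not a security requirement here."""
    actual = compute_hashes(data)
    return {
        name: hmac.compare_digest(actual[name], expected.lower())
        for name, expected in iocs.items()
    }


def is_pe(data: bytes) -> bool:
    """True if `data` starts with an MZ header whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 > len(data):
        return False  # e_lfanew outside the buffer: truncated or corrupt image
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def build_fake_pe_stub() -> bytes:
    """Constructed minimal MZ/PE stub used only so the example runs offline; it is not the sample."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)   # e_lfanew -> immediately after the DOS header
    return bytes(header) + b"PE\0\0" + b"\0" * 20  # signature + zeroed COFF file header


def triage(data: bytes, iocs: dict = REPORT_IOCS) -> dict:
    """Summarise identity checks for a candidate blob."""
    per_hash = verify_against_report(data, iocs)
    return {
        "size": len(data),
        "is_pe": is_pe(data),
        "per_hash": per_hash,
        "matches_report": all(per_hash.values()),
    }


if __name__ == "__main__":
    stub = build_fake_pe_stub()
    print(triage(stub))  # is_pe True, matches_report False: the stub is not the reported sample
```

A mismatch on only some algorithms is itself a finding: either the IOC list was transcribed wrongly or someone is presenting a colliding file, and MD5 collisions are cheap enough that SHA256 should decide.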
Malware Config

Extracted: danabot
  embedded_hash: 569235DCA8F16ED8310BBACCB674F896
  type:          loader

Extracted: vidar
  version:    55.2
  botnet:     937
  profile_id: 937
  C2:
    https://t.me/slivetalks
    https://c.im/@xinibin420

The two Vidar URLs are public Telegram and Mastodon profile pages, not the C2 server itself: Vidar fetches the profile text and parses the live C2 address out of it, so both the profile URLs and whatever address they currently resolve to belong on the blocklist.
Targets

Target: 5A5529A6EBD6DA67F707B2E4822D2F2935B261A074B2F.exe (300KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures

- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence (refusing to run in certain locales).
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext (commonly part of process injection or hollowing of a dropped or spawned process)
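Several of the signatures above are behavioural rules over API or registry activity, so the same logic can be replayed against a trace outside the sandbox. The script below is an added example written for this page, not the sandbox's own rule engine: it parses a constructed API trace in an assumed `<pid> <api> <argument>` format and scores the four signatures it can express as path patterns. The registry paths (`Control Panel\International\Geo` for the country code, `CurrentVersion\Uninstall` for installed software), the wallet directory names and the hit thresholds are assumptions chosen for the example, not values taken from the report.

```python
import re
from collections import Counter, defaultdict

# Constructed trace for the example; not output from the report's sandbox run.
# Assumed format: "<pid> <api> <argument>" with a single argument per line.
TRACE = """\
1337 RegOpenKeyExW HKCU\\Control Panel\\International\\Geo
1337 RegQueryValueExW HKCU\\Control Panel\\International\\Geo\\Nation
1337 RegOpenKeyExW HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
1337 RegEnumKeyExW HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{GUID-1}
1337 RegEnumKeyExW HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{GUID-2}
1337 NtReadFile C:\\Users\\user\\AppData\\Roaming\\Electrum\\wallets\\default_wallet
1337 NtReadFile C:\\Users\\user\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco
1337 SetThreadContext 2048
2048 NtReadFile C:\\Windows\\System32\\kernel32.dll
"""

# (signature name as it appears in the report, APIs that count, regex over the argument,
#  minimum number of hits before the signature fires). Patterns and thresholds are assumed.
SIGNATURES = [
    ("Checks computer location settings",
     {"RegOpenKeyExW", "RegQueryValueExW"}, r"Control Panel\\International\\Geo", 1),
    ("Checks installed software on the system",
     {"RegOpenKeyExW", "RegEnumKeyExW"}, r"\\CurrentVersion\\Uninstall", 2),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting",
     {"NtReadFile", "NtCreateFile"}, r"\\(Electrum|Exodus|Ethereum|Bitcoin|Armory)\\", 1),
    ("Suspicious use of SetThreadContext",
     {"SetThreadContext"}, r".*", 1),
]


def parse_trace(text: str) -> list:
    """Turn the assumed trace format into (pid, api, argument) tuples, skipping blank lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        pid, api, arg = line.split(" ", 2)
        events.append((int(pid), api, arg))
    return events


def match_signatures(events: list) -> dict:
    """Map each pid to the sorted list of signature names whose hit count reaches its threshold."""
    hits = defaultdict(Counter)
    for pid, api, arg in events:
        for name, apis, pattern, _ in SIGNATURES:
            if api in apis and re.search(pattern, arg, re.IGNORECASE):
                hits[pid][name] += 1
    results = {}
    for pid, counter in hits.items():
        fired = sorted(name for name, _, _, minimum in SIGNATURES if counter[name] >= minimum)
        if fired:
            results[pid] = fired
    return results


if __name__ == "__main__":
    for pid, names in match_signatures(parse_trace(TRACE)).items():
        print(pid)
        for name in names:
            print("  -", name)
```

The threshold on the Uninstall rule is what keeps it from firing on an installer that opens its own entry once; enumeration is the tell, so the rule wants repeated `RegEnumKeyExW` calls under that key, as the trace shows for pid 1337. Pid 2048 is the target of `SetThreadContext`, and the report's "Executes dropped EXE" and "Loads dropped DLL" signatures would need file-create and image-load events that this trace format does not carry.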