General
- Target: D1B8AB6CCABE495CE293804A21D22FD820334E49E8D51.exe
- Size: 301KB
- Sample: 221024-3nl58ababr
- MD5: 868d713b773d3812ed720b49e0b25de3
- SHA1: 3aab506746537e9f0d4cb39a40a8991251e0543e
- SHA256: d1b8ab6ccabe495ce293804a21d22fd820334e49e8d51678bb814a3da93b6cab
- SHA512: 4b098286d545bacf1a5c9622c3fe5ae2163bff675ca333625b2fff66260c48e92f38644d3f44ab0b5875c9ad23aa158383ba00367b6639bb2cc46777f7c55ba7
- SSDEEP: 3072:MZXt4TNyHthtX5zXmm8C2RcDTTu1y7ih8WVt4I8Pa0KFrB7JNzM/h3BsxkgaBChj:UtuabzPTTu02nqPa0OznigabwVfv
Static task: static1
Behavioral task: behavioral1
- Sample: D1B8AB6CCABE495CE293804A21D22FD820334E49E8D51.exe
- Resource: win7-20220812-en
Malware Config
Extracted: danabot
- embedded_hash: 569235DCA8F16ED8310BBACCB674F896
- type: loader
Extracted: vidar
- Version: 55.2
- Botnet: 937
- C2 (dead-drop profiles): https://t.me/slivetalks, https://c.im/@xinibin420
- profile_id: 937

Two configs were extracted from one 301KB sample, and the signatures below additionally flag the SmokeLoader packer, so this is a loader chain rather than a single family: a SmokeLoader-packed stage that drops a DanaBot loader and a Vidar stealer. The two Vidar URLs are not the command-and-control server itself. Vidar builds of this era fetch their real C2 address from the bio/description of a throwaway Telegram channel or Mastodon account, so these are the dead-drop resolvers to block and to hunt for in proxy logs; the actual C2 host is only known once the profile is resolved at runtime.
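The hashes and the two Vidar dead-drop URLs above are the indicators a responder would actually deploy. The following is an added example (written for this page, not code from the Triage report or the Vidar/DanaBot authors) that turns them into two checks: hashing candidate files against the sample, and matching proxy log lines against the dead-drop profiles with host and path normalised so that scheme, case and trailing slash differences do not hide a hit. The proxy log lines are constructed for the example; the hashes and URLs are copied from the report.

```python
"""Indicator checks built from the report: file hashes and Vidar dead-drop URLs."""
import hashlib
import re
from urllib.parse import urlparse

# Copied from the report above (SHA-512 omitted; three digests are enough to confirm identity).
REPORT_HASHES = {
    "md5": "868d713b773d3812ed720b49e0b25de3",
    "sha1": "3aab506746537e9f0d4cb39a40a8991251e0543e",
    "sha256": "d1b8ab6ccabe495ce293804a21d22fd820334e49e8d51678bb814a3da93b6cab",
}
# Dead-drop resolver profiles from the extracted Vidar config (not the real C2 host).
DEAD_DROPS = ["https://t.me/slivetalks", "https://c.im/@xinibin420"]

URL_RE = re.compile(r"https?://\S+")


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of an in-memory buffer, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def hash_file(path: str) -> dict:
    """Same as file_hashes, but streams a file from disk in 1 MiB chunks."""
    digests = {alg: hashlib.new(alg) for alg in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {alg: d.hexdigest() for alg, d in digests.items()}


def matches_sample(data: bytes) -> bool:
    """True if any digest of the buffer equals the corresponding report digest."""
    computed = file_hashes(data)
    return any(computed[alg] == REPORT_HASHES[alg] for alg in REPORT_HASHES)


def _key(url: str) -> tuple:
    # Normalise to (host, path) so http/https, upper-case hosts and a trailing "/" still match.
    p = urlparse(url)
    return (p.netloc.lower(), p.path.rstrip("/"))


def dead_drop_hits(log_lines) -> list:
    """Return (line number, URL) for every log line whose URL is one of the dead-drop profiles."""
    targets = {_key(u) for u in DEAD_DROPS}
    hits = []
    for n, line in enumerate(log_lines, 1):
        for url in URL_RE.findall(line):
            if _key(url) in targets:
                hits.append((n, url))
    return hits


# Constructed proxy log lines for the example; two of the four hit the dead-drop profiles.
SAMPLE_LOG = [
    "2022-10-24T13:02:11Z 10.0.0.15 GET https://t.me/slivetalks 200",
    "2022-10-24T13:02:12Z 10.0.0.15 GET https://www.google.com/ 200",
    "2022-10-24T13:02:15Z 10.0.0.15 GET https://c.im/@xinibin420/ 200",
    "2022-10-24T13:02:20Z 10.0.0.15 GET https://t.me/someoneelse 200",
]

if __name__ == "__main__":
    for n, url in dead_drop_hits(SAMPLE_LOG):
        print(f"line {n}: dead-drop resolver contacted: {url}")
```

A hit on t.me or c.im alone is weak evidence because both are legitimate services; the signal is the exact profile path, which is why the matcher compares host and path rather than just the domain.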
Targets
- Target: D1B8AB6CCABE495CE293804A21D22FD820334E49E8D51.exe (the sample described under General)
Signatures
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets: possible credential harvesting.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext: in a loader this typically means the entry-point context of a suspended thread in another process is being rewritten, the classic process-hollowing pattern, so the later stages should be expected to run inside a different process than the dropped EXE.
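Three of the signatures above (the location check, the installed-software enumeration and the SetThreadContext use) are behavioural and can be rebuilt as detection logic over an API trace such as a sandbox or an EDR with registry-read telemetry produces. The block below is an added example written for this page, not Triage's signature code. The registry locations are assumptions the page does not state: the country code is taken from HKCU\Control Panel\International\Geo (value Nation), and installed software from HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall. The trace lines and the PIDs are constructed; the hollowing rule requires CREATE_SUSPENDED followed by SetThreadContext on a thread that belongs to a different PID than the caller.

```python
"""Evaluate three of the report's behavioural signatures against a per-process API trace."""
import re
from collections import defaultdict

# Assumed registry locations behind the two registry signatures (lower-cased, substring match).
GEO_KEY = r"control panel\international\geo"                      # HKCU, value "Nation" holds the GeoID
UNINSTALL_KEY = r"software\microsoft\windows\currentversion\uninstall"  # HKLM, one subkey per product

SIG_LOCATION = "Checks computer location settings"
SIG_SOFTWARE = "Checks installed software on the system"
SIG_THREADCTX = "Suspicious use of SetThreadContext"

# Constructed trace lines: "<pid> <api> <argument>", as a sandbox API monitor might emit them.
SAMPLE_TRACE = [
    "1204 RegOpenKeyExW HKEY_CURRENT_USER\\Control Panel\\International\\Geo",
    "1204 RegQueryValueExW Nation",
    "1204 RegOpenKeyExW HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
    "1204 RegEnumKeyExW 7-Zip",
    "1204 RegEnumKeyExW Google Chrome",
    "1204 CreateProcessW C:\\Users\\admin\\AppData\\Local\\Temp\\out.exe CREATE_SUSPENDED",
    "1204 SetThreadContext pid=3320 tid=3324",
    "1204 ResumeThread tid=3324",
    "3320 RegOpenKeyExW HKEY_CURRENT_USER\\Software\\Microsoft\\Windows",
]

LINE_RE = re.compile(r"^(?P<pid>\d+) (?P<api>\w+) ?(?P<arg>.*)$")


def parse(lines):
    """Yield (pid, api, arg) for each well-formed trace line; malformed lines are skipped."""
    for ln in lines:
        m = LINE_RE.match(ln)
        if m:
            yield int(m["pid"]), m["api"], m["arg"]


def _checks_location(calls) -> bool:
    # Open of the Geo key followed by a query of its Nation value.
    opened = False
    for api, arg in calls:
        if api == "RegOpenKeyExW" and GEO_KEY in arg.lower():
            opened = True
        elif opened and api == "RegQueryValueExW" and arg.lower() == "nation":
            return True
    return False


def _enumerates_software(calls) -> bool:
    # Open of the Uninstall key followed by at least one subkey enumeration.
    opened = False
    for api, arg in calls:
        if api == "RegOpenKeyExW" and UNINSTALL_KEY in arg.lower():
            opened = True
        elif opened and api == "RegEnumKeyExW":
            return True
    return False


def _hollows_process(pid, calls) -> bool:
    # A child created suspended, then SetThreadContext on a thread owned by another PID.
    suspended = False
    for api, arg in calls:
        if api == "CreateProcessW" and "CREATE_SUSPENDED" in arg:
            suspended = True
        elif api == "SetThreadContext" and suspended:
            m = re.search(r"pid=(\d+)", arg)
            if m and int(m.group(1)) != pid:
                return True
    return False


def evaluate(lines) -> dict:
    """Return {pid: [signature names]} for every process that triggers at least one rule."""
    by_pid = defaultdict(list)
    for pid, api, arg in parse(lines):
        by_pid[pid].append((api, arg))
    verdict = {}
    for pid, calls in by_pid.items():
        hits = [name for name, ok in (
            (SIG_LOCATION, _checks_location(calls)),
            (SIG_SOFTWARE, _enumerates_software(calls)),
            (SIG_THREADCTX, _hollows_process(pid, calls)),
        ) if ok]
        if hits:
            verdict[pid] = hits
    return verdict


if __name__ == "__main__":
    for pid, hits in evaluate(SAMPLE_TRACE).items():
        print(pid, hits)
```

Ordering matters in these rules: a Nation query without a preceding open of the Geo key, or SetThreadContext without a suspended child, does not fire, which keeps installers and debuggers that touch the same APIs in other orders from tripping them.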