General

Target: 3ede64ae017beb5eba84727455e0a62d.exe
Size: 220KB
Sample: 221024-3yz5tsbaen
MD5: 3ede64ae017beb5eba84727455e0a62d
SHA1: 15f5284852c54f4c82785f4720b435d0aadb0b6b
SHA256: 4edf038c49138517002ecc7e8e76b92f68ba97a6c5c665a3b1eddf9bdd79bb96
SHA512: 4254755afbcb84473288cf1c97d44c9ced993919cbbeac0feaae3486303b4c1746a1861a0ad944d39382bc06d6e8ea9f284c56b250bbd580c0219d0e32fbaa7a
SSDEEP: 3072:9vn/5dmETMMQyOLeewL6s5nmK1vBmW+T+IM863ilNkGhD5Jo/hnT:9v/Cd9LqLmam+t3QTtoJn
Static task: static1
Behavioral task: behavioral1
Sample: 3ede64ae017beb5eba84727455e0a62d.exe
Resource: win7-20220812-en
Malware Config

Extracted: danabot
embedded_hash: 569235DCA8F16ED8310BBACCB674F896
type: loader

Extracted: vidar
version: 55.2
profile_id: 937
c2: https://t.me/slivetalks
c2: https://c.im/@xinibin420

Note: the two Vidar URLs are the Telegram channel and Mastodon (c.im) profile the stealer queries as dead-drop resolvers; the live C2 address is read from the profile text, so the URLs are pivots for hunting rather than the C2 itself, and the address they point to can change without the sample changing.
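The extracted-config block is only useful once it is turned into something a blocklist or a hunt can consume. The following is an added example, not part of the sandbox report or its tooling: it parses the "Extracted" section in the exact layout shown above (the text is copied from this page), separates labelled key/value pairs from the unlabelled positional values, and emits defanged URLs for sharing. The field names assigned to the unlabelled Vidar values (the first positional value being the version) are assumptions.

```python
"""Parse the 'Malware Config / Extracted' section of a sandbox report into IOCs.

Added example; the config text is copied from the report above. The meaning of
the unlabelled Vidar values (version first) is an assumption.
"""
import re

# Constructed from the report: the two Extracted blocks as they appear on the page.
REPORT_CONFIG = """\
Malware Config
Extracted
danabot
-
embedded_hash
569235DCA8F16ED8310BBACCB674F896
-
type
loader
Extracted
vidar
55.2
937
https://t.me/slivetalks
https://c.im/@xinibin420
-
profile_id
937
Targets
"""

SECTION_END = {"Targets", "Malware Config"}


def parse_extracted(text):
    """Return one dict per 'Extracted' block: family, labelled fields, c2 URLs,
    and any remaining positional values.

    A '-' line introduces a key/value pair on the next two lines; every other
    non-empty line is positional, with URLs collected under 'c2'.
    """
    lines = [l.strip() for l in text.splitlines()]
    configs, cur, i = [], None, 0
    while i < len(lines):
        line = lines[i]
        if line == "Extracted" and i + 1 < len(lines):
            cur = {"family": lines[i + 1], "fields": {}, "c2": [], "values": []}
            configs.append(cur)
            i += 2
            continue
        if line in SECTION_END:
            cur = None          # left the config section
        if cur is None or not line:
            i += 1
            continue
        if line == "-" and i + 2 < len(lines):
            cur["fields"][lines[i + 1]] = lines[i + 2]
            i += 3
            continue
        if re.match(r"^https?://", line):
            cur["c2"].append(line)
        else:
            cur["values"].append(line)
        i += 1
    return configs


def defang(url):
    """Defang a URL for safe sharing: https://t.me/x -> hxxps://t[.]me/x."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


def build_iocs(configs):
    """Flatten parsed configs into a hunt list: one entry per C2 URL plus notes."""
    iocs = {"urls": [], "notes": []}
    for c in configs:
        for url in c["c2"]:
            iocs["urls"].append({"family": c["family"], "url": url, "defanged": defang(url)})
        if c["family"] == "vidar" and c["values"]:
            # assumed: first positional value is the Vidar version
            iocs["notes"].append(
                f"vidar version {c['values'][0]} profile_id {c['fields'].get('profile_id')}")
        if c["family"] == "danabot":
            iocs["notes"].append(
                f"danabot {c['fields'].get('type')} embedded_hash {c['fields'].get('embedded_hash')}")
    return iocs


if __name__ == "__main__":
    for entry in build_iocs(parse_extracted(REPORT_CONFIG))["urls"]:
        print(entry["family"], entry["defanged"])
```

The parser is deliberately layout-driven rather than family-driven, so a new extractor that adds another labelled field needs no code change; only the positional Vidar values need the assumption documented in the comment.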
Targets

Target: 3ede64ae017beb5eba84727455e0a62d.exe (220KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Suspicious use of SetThreadContext
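Several of the behaviours above (geofence lookup, Uninstall-key enumeration, running a just-written EXE, SetThreadContext after a suspended process creation, wallet file access) are cheap to re-derive from an endpoint or sandbox trace, and combining them is what separates this loader from the many benign installers that also read the Uninstall key. The following is an added example, not the sandbox's own signature code: it runs that logic over a constructed trace in a simple `pid|kind|detail` format. The registry paths (the country code under `HKCU\Control Panel\International\Geo`, installed software under `...\CurrentVersion\Uninstall`), the wallet path markers and the trace format are assumptions made for the example.

```python
"""Re-derive the sandbox's behavioural signatures from a process trace.

Added example, not sandbox code. The trace format ('pid|kind|detail'), the
registry paths and the wallet markers are assumptions for illustration.
"""

# Constructed trace: a loader (1234), an injector/stealer stage (4321), a benign process (777).
TRACE = """\
1234|reg|HKCU\\Control Panel\\International\\Geo\\Nation
1234|reg|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip
1234|file_write|C:\\Users\\Admin\\AppData\\Local\\Temp\\update.exe
1234|process_create|C:\\Users\\Admin\\AppData\\Local\\Temp\\update.exe
4321|api|CreateProcessW(flags=CREATE_SUSPENDED)
4321|api|WriteProcessMemory
4321|api|SetThreadContext
4321|file_read|C:\\Users\\Admin\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco
777|reg|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip
777|file_read|C:\\Users\\Admin\\Documents\\notes.txt
"""

# Assumed wallet locations; a real rule would carry a longer list.
WALLET_MARKERS = ("\\exodus\\", "\\electrum\\", "wallet.dat")


def parse_trace(text):
    """Split 'pid|kind|detail' lines into (pid, kind, detail) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, kind, detail = line.split("|", 2)
        events.append((int(pid), kind, detail))
    return events


def score_process(text):
    """Return {pid: sorted list of signature names} for every process in the trace."""
    hits, written, apis = {}, {}, {}
    for pid, kind, detail in parse_trace(text):
        h = hits.setdefault(pid, set())
        if kind == "reg":
            if "\\International\\Geo\\" in detail:
                h.add("geofence_check")
            if "\\CurrentVersion\\Uninstall" in detail:
                h.add("installed_software_enum")
        elif kind == "file_write":
            written.setdefault(pid, set()).add(detail.lower())
        elif kind == "process_create":
            # 'Executes dropped EXE': the process runs a file it wrote itself
            if detail.lower() in written.get(pid, set()):
                h.add("executes_dropped_exe")
        elif kind == "api":
            name = detail.split("(", 1)[0]
            seen = apis.setdefault(pid, set())
            seen.add(name)
            if "CREATE_SUSPENDED" in detail:
                seen.add("CREATE_SUSPENDED")
            if name == "SetThreadContext":
                h.add("set_thread_context")
                # suspended create + remote write + context swap is the hollowing sequence
                if {"CREATE_SUSPENDED", "WriteProcessMemory"} <= seen:
                    h.add("process_hollowing")
        elif kind == "file_read":
            if any(m in detail.lower() for m in WALLET_MARKERS):
                h.add("wallet_access")
    return {pid: sorted(s) for pid, s in hits.items()}


def flagged(scores, threshold=2):
    """Processes with at least `threshold` signatures; a lone Uninstall read is not enough."""
    return sorted(pid for pid, sigs in scores.items() if len(sigs) >= threshold)


if __name__ == "__main__":
    scores = score_process(TRACE)
    for pid in flagged(scores):
        print(pid, scores[pid])
```

The threshold is the point to tune: the Uninstall enumeration fires for pid 777 as well, which is why the example only escalates processes that stack two or more of the behaviours, mirroring how the sandbox report lists them together rather than alerting on any one.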