General
- Target: file.exe
- Size: 224KB
- Sample: 221024-qectzaghcn
- MD5: 25f3f533c6bd186c32f457db41c59e2c
- SHA1: c359c5beef54f379dd054935a596920907ecfb9d
- SHA256: 03a0e7298d12838300b55acae66e5c132a980bd33ff63703d1657632326db543
- SHA512: 231b10ea2097979669c9aa4016c9294030cf878560f0a2f9eaf25f1047cf9dffa839fc6209b262876fa72d77b9b0ea33410d5f6a9a4d6bd9959fbc08b6472257
- SSDEEP: 3072:x9fH9d11sIzlKlLV4WUg6OWP5XEfvmRtSb0ppTGWqT1gK6l6:bfFSLVqgvWCf2bbSWqT1k
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20220812-en
Malware Config
Extracted: danabot
- 49.0.50.0:57
- 51.0.52.0:0
- 53.0.54.0:1200
- 55.0.56.0:65535
- embedded_hash: 569235DCA8F16ED8310BBACCB674F896
- type: loader
Extracted: vidar
- 55.2
- 937
- https://t.me/slivetalks
- https://c.im/@xinibin420
- profile_id: 937
Targets
- Target: file.exe
- Size: 224KB
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext