General
- Target: BA317887C3057DA350F05457E7D47F1BEB62AB6C381DB.exe
- Size: 209KB
- Sample: 221024-r757nahcf7
- MD5: 7404b91ed3fabf2597f9ef51fd364911
- SHA1: 1e27af6395c118e70da96525b8aa55ab19fa395a
- SHA256: ba317887c3057da350f05457e7d47f1beb62ab6c381db6e8e990bab12976a1f3
- SHA512: 27993fd24203d68589eddc5b0ca025a1f08e6632e6fe71d7b0362e44dfb75d4c66e337e159bd66b0e5e727d17ddb874f745b395a304069ea2cf465acea653681
- SSDEEP: 3072:GueYRdmv21XlHf3W/dYsrxuEzr9ynLqjbwOXng8B6twTNyZZ0EYVesxkgaBChl:GeRUMVHfxsrx6qjbxZ6ehn3biga
Static task: static1
Behavioral task: behavioral1
- Sample: BA317887C3057DA350F05457E7D47F1BEB62AB6C381DB.exe
- Resource: win7-20220812-en
Malware Config
Extracted: danabot
- embedded_hash: 569235DCA8F16ED8310BBACCB674F896
- type: loader
Extracted: vidar
- 55.2
- 937
- https://t.me/slivetalks
- https://c.im/@xinibin420
- profile_id: 937
Targets
- Target: BA317887C3057DA350F05457E7D47F1BEB62AB6C381DB.exe
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext