General

Target: 747400b85ea1a32f41016b22496ca24e.exe
Size: 258KB
Sample: 221024-sgqjyshdam
MD5: 747400b85ea1a32f41016b22496ca24e
SHA1: 9c4dce7638007955d9d259e7f11f3c1f237b1ce7
SHA256: dc48e95839bcfd343c62e0a574a94e9640b8463e9c5c29bf04e7423135307994
SHA512: aa97d2d29c97b17005e48ae540a74d127e568cbcaea514352dd5aa84c5c434aebc23ef4dd31bd890ceb617d49a60d4f15200a774ec23a211b68642759b333024
SSDEEP: 6144:k9b3LPLnIJ1GTXZQOz1nJjVgmxaOAxyc9:S3zcfG9pQm0xyY
Behavioral task

behavioral1
Sample: 747400b85ea1a32f41016b22496ca24e.exe
Resource: win7-20220901-en
Malware Config

Extracted: danabot
- embedded_hash: 569235DCA8F16ED8310BBACCB674F896
- type: loader

Extracted: vidar
- 55.2
- 937
- https://t.me/slivetalks
- https://c.im/@xinibin420
- profile_id: 937
Targets

Target: 747400b85ea1a32f41016b22496ca24e.exe
- Detect Neshta payload
- Detects Smokeloader packer
- Modifies system executable filetype association
- Neshta
  Malware in the Neshta family infects other executable files in order to spread and cause damage.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext