General
-
Target
9b9ea71d54e0eb26924d7ead991f2a94.exe
-
Size
221KB
-
Sample
221024-yenkgaacgr
-
MD5
9b9ea71d54e0eb26924d7ead991f2a94
-
SHA1
e79860adf981372eb85d6f7b278952ab4c2af732
-
SHA256
206940d56e74c486cc4af8b25bc78295581bbf439bac64d4384b96c66f4ff575
-
SHA512
484fc4f5ec15dd016fca2adbec2a15905515d59c790717ce792f79904b87e420822ea46baaf52b2a1f4ffb162bb4841f34924caf985a248d9474176083e63e70
-
SSDEEP
3072:P9n+YBj/ESbcu7o6lphGLWgXOwU6Ahsz5vhL8bzPsG5CiTb/idBs2Il:P9vjsSVhGL9ZUBhJbz0OCwbOrI
Static task
static1
Behavioral task
behavioral1
Sample
9b9ea71d54e0eb26924d7ead991f2a94.exe
Resource
win7-20220901-en
Malware Config
Extracted
danabot
-
embedded_hash
569235DCA8F16ED8310BBACCB674F896
-
type
loader
Extracted
vidar
-
version
55.2
-
profile_id
937
-
c2
https://t.me/slivetalks
https://c.im/@xinibin420
Profile pages the stealer fetches to resolve its actual C2 address (dead-drop resolvers); the real C2 host is not recorded in this report.
Targets
-
Target
9b9ea71d54e0eb26924d7ead991f2a94.exe
-
Size
221KB
-
MD5
9b9ea71d54e0eb26924d7ead991f2a94
-
SHA1
e79860adf981372eb85d6f7b278952ab4c2af732
-
SHA256
206940d56e74c486cc4af8b25bc78295581bbf439bac64d4384b96c66f4ff575
-
SHA512
484fc4f5ec15dd016fca2adbec2a15905515d59c790717ce792f79904b87e420822ea46baaf52b2a1f4ffb162bb4841f34924caf985a248d9474176083e63e70
-
SSDEEP
3072:P9n+YBj/ESbcu7o6lphGLWgXOwU6Ahsz5vhL8bzPsG5CiTb/idBs2Il:P9vjsSVhGL9ZUBhJbz0OCwbOrI
-
Detects Smokeloader packer
Static signature on the packer stub. The payloads identified by config extraction above are the DanaBot loader and Vidar, so the packer family is not the final payload family.
-
Downloads MZ/PE file
Retrieves a Windows executable (MZ/PE header) over the network; together with the dropped-EXE and dropped-DLL signatures below this is a staged delivery chain.
-
Executes dropped EXE
-
Checks computer location settings
Reads the country/region code configured in the registry, typical of a geofence check that stops execution in particular countries.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
Opens wallet and key files belonging to cryptocurrency clients, consistent with the Vidar stealer payload extracted above.
-
Checks installed software on the system
Enumerates subkeys under SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall to build a list of installed applications, a common host-fingerprinting step for stealers.
-
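The three registry/file-based signatures above (location check, installed-software enumeration, wallet access) can be replayed against host telemetry. The following is an added example, not code from the sandbox or the report: the event shape, the specific registry keys (Geo\Nation, CurrentVersion\Uninstall), the wallet directory names and all seven sample events are assumptions constructed for illustration; the report itself only names the behaviours.

```python
"""Added example (not part of the sandbox report): replay the report's
registry/file-based signatures against constructed telemetry.

Assumptions: the exact registry keys, wallet directory names and the
event tuple shape are illustrative choices, not values from the report."""
import re
from collections import defaultdict

# Constructed events in a simplified Sysmon-like shape: (event_type, image, target).
SAMPLE_EVENTS = [
    ("RegistryRead", "9b9ea71d54e0eb26924d7ead991f2a94.exe",
     r"HKCU\Control Panel\International\Geo\Nation"),
    ("RegistryEnum", "9b9ea71d54e0eb26924d7ead991f2a94.exe",
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("RegistryEnum", "9b9ea71d54e0eb26924d7ead991f2a94.exe",
     r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}"),
    ("FileRead", "9b9ea71d54e0eb26924d7ead991f2a94.exe",
     r"C:\Users\admin\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    ("FileRead", "9b9ea71d54e0eb26924d7ead991f2a94.exe",
     r"C:\Users\admin\AppData\Roaming\Electrum\wallets\default_wallet"),
    ("FileRead", "explorer.exe", r"C:\Users\admin\Documents\notes.txt"),
    ("RegistryRead", "explorer.exe",
     r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"),
]

# Signature name (as the report phrases it) -> (accepted event types, regex over target).
# Keys and wallet names are assumptions about what such signatures key on.
SIGNATURES = {
    "Checks computer location settings": (
        {"RegistryRead"},
        re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I),
    ),
    "Checks installed software on the system": (
        {"RegistryRead", "RegistryEnum"},
        re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I),
    ),
    "Accesses cryptocurrency files/wallets": (
        {"FileRead"},
        re.compile(r"\\(Exodus|Electrum|Ethereum|Bitcoin|Atomic|Jaxx Liberty)\\.*(wallet|seed|keystore)", re.I),
    ),
}


def match_signatures(events):
    """Return {signature: [(image, target), ...]} for every event that trips a rule."""
    hits = defaultdict(list)
    for event_type, image, target in events:
        for name, (types, pattern) in SIGNATURES.items():
            if event_type in types and pattern.search(target):
                hits[name].append((image, target))
    return dict(hits)


def suspicious_images(events):
    """Images that trigger at least two distinct signatures.

    A single Geo\\Nation read is routine noise from legitimate software; the
    combination of geofence check, software enumeration and wallet access is
    the stealer profile the report describes."""
    per_image = defaultdict(set)
    for name, matches in match_signatures(events).items():
        for image, _ in matches:
            per_image[image].add(name)
    return sorted(img for img, names in per_image.items() if len(names) >= 2)


if __name__ == "__main__":
    for name, matches in match_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: {len(matches)} event(s)")
    print("suspicious:", suspicious_images(SAMPLE_EVENTS))
```

The per-image threshold in suspicious_images is the practical part: each of these registry reads is also performed by installers and locale-aware applications, so the value of the sandbox signatures lies in their co-occurrence on one process, not in any single hit.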