General
Target: b4776125acde5260a67acbd15941bb34f39529193e643065d38b303ce22bd9f1
Size: 221KB
Sample: 221024-yfrzaaace9
MD5: dfe88f1c8906f005d0578b5c24216102
SHA1: a0c51c5c598ec385ad07bdbecbd85d238662fd55
SHA256: b4776125acde5260a67acbd15941bb34f39529193e643065d38b303ce22bd9f1
SHA512: 0ac5b94d1f59cb21c2e65d1712a991064b6b61a968592c5a76f974894f2ef448e94d18a804b4bc6e4839ce58583a9725280bbf3373a8d8a886044e954d7aee5a
SSDEEP: 3072:NJnNB69go8qwQpHL12i5wjm6YQ5wGnVfzy4zpZYGyY6ZvUrKEXCR:NJH6CWpHL14jmxvsf/9qDZvU
Static task: static1
Malware Config

Extracted: danabot
embedded_hash: 569235DCA8F16ED8310BBACCB674F896
type: loader

Extracted: vidar
55.2
937
https://t.me/slivetalks
https://c.im/@xinibin420
profile_id: 937
Targets
- Detects Smokeloader packer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.