General
- Target: 7e081f5bc017df7f420a1a618f90d6a7.exe
- Size: 221KB
- Sample: 221024-zgewsaaeam
- MD5: 7e081f5bc017df7f420a1a618f90d6a7
- SHA1: 24913206e238e3db19dc69029251c2d0e5371bd7
- SHA256: 572ac7dff276a3aa176be9865b4880827fe4cd6a1e2d6321c038aa981f819ba9
- SHA512: adcc2edfd34c2b6ca94ee225debaae1aac1ca39d85a060a1ffad93fad38afbbd0fb14d95bf354f1341c5fae27056d9de81379f9b7b79a2d9b33d49e284e3f107
- SSDEEP: 3072:eDnN/F9m28aS+hBLcuKZwac6ua5iA+exPb35ODM+MgOVYR5N2Or:eDRFccBLRacLN3exPbpQ2guY3w
Static task: static1
Behavioral task: behavioral1
- Sample: 7e081f5bc017df7f420a1a618f90d6a7.exe
- Resource: win7-20220901-en
Malware Config
Extracted: danabot
- embedded_hash: 569235DCA8F16ED8310BBACCB674F896
- type: loader
Extracted: vidar
- 55.2
- 937
- https://t.me/slivetalks
- https://c.im/@xinibin420
- profile_id: 937
Targets
- Target: 7e081f5bc017df7f420a1a618f90d6a7.exe
- Detects Smokeloader packer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.