General
-
Target
76bf0e526260acf427746a3070bcb9a920dbadd0023a7829f793ea2b57ef7a5d
-
Size
220KB
-
Sample
221025-ds8gksbdf3
-
MD5
4d1eb7b9e286dbb9f82ae958c3bb2394
-
SHA1
8e8458e39b6723f16b686c4d1eac60b3020d8efb
-
SHA256
76bf0e526260acf427746a3070bcb9a920dbadd0023a7829f793ea2b57ef7a5d
-
SHA512
63e06f58d55ca9d1ac96310b64d2e2cf8fb5a82768124846363e98eaafbc4c46c15a5f61ab22e0958a2edf15043b1fc404adc521dc99ca69e5f3e90c61676b6c
-
SSDEEP
3072:O5nP5d84THy2ULgJWwp635aAHy+1IsCZIAE3501ARhzGjvbQZ:O5PInLYpNfPsCqVIARha
Static task
static1
Malware Config
Extracted
danabot
-
embedded_hash
569235DCA8F16ED8310BBACCB674F896
-
type
loader
Extracted
vidar
55.2
937
https://t.me/slivetalks
https://c.im/@xinibin420
-
profile_id
937
Targets
-
-
Target
76bf0e526260acf427746a3070bcb9a920dbadd0023a7829f793ea2b57ef7a5d
-
Size
220KB
-
MD5
4d1eb7b9e286dbb9f82ae958c3bb2394
-
SHA1
8e8458e39b6723f16b686c4d1eac60b3020d8efb
-
SHA256
76bf0e526260acf427746a3070bcb9a920dbadd0023a7829f793ea2b57ef7a5d
-
SHA512
63e06f58d55ca9d1ac96310b64d2e2cf8fb5a82768124846363e98eaafbc4c46c15a5f61ab22e0958a2edf15043b1fc404adc521dc99ca69e5f3e90c61676b6c
-
SSDEEP
3072:O5nP5d84THy2ULgJWwp635aAHy+1IsCZIAE3501ARhzGjvbQZ:O5PInLYpNfPsCqVIARha
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-