General
Target: 8f2029a2509571ff5434183da28750b02fca3a8a77c1a443dfd0d14e6fa9a069
Size: 230KB
Sample: 221025-hhlmaabgf3
MD5: a630df0807723b8ebeb001b2fc9716f1
SHA1: ef4a29e6a63d70577d0fc07be2a3b4535f3a5a13
SHA256: 8f2029a2509571ff5434183da28750b02fca3a8a77c1a443dfd0d14e6fa9a069
SHA512: de5678912983aa204b7e96557cf784276ec4f3d7406eecf458130e4f294839d1a75d7d8758d70e33128e377b7e0b0ac995362891223ee9485430318eeb0694ea
SSDEEP: 3072:+XIXGMVLGiOJ5tuGAhAtO3JgNEPTIlnWOmpwdkzkfnoA84Pal:GTMVL5ORuhAg3TbIlRsWs4Pal
Static task: static1
Malware Config
Extracted: danabot
embedded_hash: 569235DCA8F16ED8310BBACCB674F896
type: loader
Extracted: vidar
Version: 55.2
Botnet: 937
C2: https://t.me/slivetalks
C2: https://c.im/@xinibin420
profile_id: 937
The two Vidar C2 entries are not the final command-and-control host: they are a Telegram channel and a Mastodon profile that Vidar uses as dead-drop resolvers, fetching the page at runtime and reading the real C2 address out of the profile text. The IP or domain the stealer ultimately reports to is therefore not present in the static config and can be rotated by the operator without touching the binary; block or monitor the resolver URLs, but expect the actual C2 to differ between runs.
Targets
Target: 8f2029a2509571ff5434183da28750b02fca3a8a77c1a443dfd0d14e6fa9a069
Size: 230KB
Signatures
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check, so the sample may behave differently (or not run at all) in a sandbox whose locale is on the malware's exclusion list.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext: overwriting another thread's register context is commonly seen in process hollowing and thread hijacking, which is consistent with the dropped-EXE and dropped-DLL signatures above.
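The signatures above are behavioural rules matched against the events the sandbox recorded (registry reads, API calls, file and network activity). As an added example, not code from the original report or from any sandbox product, the following Python script shows how such rules are evaluated: a handful of constructed event lines in a hypothetical "category|process|detail" format are run through pattern rules that mirror the report's signatures, plus one correlation rule (a process fetches something from the network, writes a PE to disk, and then starts that path) that produces the "Downloads MZ/PE file" and "Executes dropped EXE" hits. The event format, registry paths and wallet directory names are assumptions chosen for illustration.

```python
"""Toy behavioural-signature matcher over sandbox event lines.

Added example; not part of the original report and not a sandbox's real
rule engine. The event format "category|process|detail" and the sample
events below are constructed for illustration.
"""
import re
from collections import defaultdict

# Constructed sample events (not real capture data). Order matters for the
# correlation rule: network fetch -> PE written -> that path executed.
SAMPLE_EVENTS = """\
registry_read|8f2029a2.exe|HKEY_CURRENT_USER\\Control Panel\\International\\Geo\\Nation
registry_enum|8f2029a2.exe|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
api_call|8f2029a2.exe|SetThreadContext(hThread=0x1a4)
file_read|8f2029a2.exe|C:\\Users\\victim\\AppData\\Roaming\\Electrum\\wallets\\default_wallet
network|8f2029a2.exe|GET https://t.me/slivetalks
file_write|8f2029a2.exe|C:\\Users\\victim\\AppData\\Local\\Temp\\payload.exe (MZ header)
process_create|8f2029a2.exe|C:\\Users\\victim\\AppData\\Local\\Temp\\payload.exe
file_read|explorer.exe|C:\\Windows\\System32\\kernel32.dll
"""

# Single-event rules: (signature name, event category, regex over the detail field).
# Names follow the report's signatures; the patterns are assumed approximations.
SIGNATURES = [
    ("Checks computer location settings", "registry_read",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Checks installed software on the system", "registry_enum",
     re.compile(r"\\CurrentVersion\\Uninstall", re.I)),
    ("Suspicious use of SetThreadContext", "api_call",
     re.compile(r"^SetThreadContext\(", re.I)),
    ("Accesses cryptocurrency files/wallets", "file_read",
     re.compile(r"\\(Electrum|Exodus|Ethereum|Bitcoin)\\", re.I)),
    ("Contacts dead-drop resolver", "network",
     re.compile(r"https?://(t\.me|c\.im)/", re.I)),
]


def parse_events(text):
    """Split the constructed log into (category, process, detail) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        category, process, detail = line.split("|", 2)
        events.append((category, process, detail))
    return events


def match_signatures(text):
    """Return {signature name: [evidence strings]} for every rule that fired."""
    events = parse_events(text)
    hits = defaultdict(list)

    # Pass 1: stateless rules, one event at a time.
    for category, process, detail in events:
        for name, wanted_category, pattern in SIGNATURES:
            if category == wanted_category and pattern.search(detail):
                hits[name].append(f"{process}: {detail}")

    # Pass 2: stateful correlation. A process that has already made a network
    # request and then writes a PE is "downloading" it; a later process_create
    # of that same path by anyone is "executing" the dropped EXE.
    seen_network = set()
    dropped = {}  # lower-cased path -> process that wrote it
    for category, process, detail in events:
        if category == "network":
            seen_network.add(process)
        elif category == "file_write" and "(MZ header)" in detail:
            path = detail.split(" (")[0]
            dropped[path.lower()] = process
            if process in seen_network:
                hits["Downloads MZ/PE file"].append(f"{process}: {path}")
        elif category == "process_create" and detail.lower() in dropped:
            hits["Executes dropped EXE"].append(
                f"{dropped[detail.lower()]} -> {detail}")

    return dict(hits)


if __name__ == "__main__":
    for name, evidence in match_signatures(SAMPLE_EVENTS).items():
        print(name)
        for line in evidence:
            print("   ", line)
```

The stateless rules are cheap and explain most of the report's signature list; the correlation pass is what turns two otherwise benign events (a download, a process start) into the "dropped and executed" verdict, and it is the part worth spending effort on when writing your own detections, because the individual events are too common to alert on alone.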