General
- Target: dad2eba4c90ce1e62ba842516e64cacd4daf1d3212bc95ac06a313c48dbefa98
- Size: 255KB
- Sample: 221025-vmsydadcc5
- MD5: db6ff718c9b713a3cb847be4f06ddcab
- SHA1: cf9960f1e7abd836390a090f9710430828a4df53
- SHA256: dad2eba4c90ce1e62ba842516e64cacd4daf1d3212bc95ac06a313c48dbefa98
- SHA512: 32d78186df350fef442e5cda5d22f597aed9c8b616c2ef673fd84e06e175e6ea44ec58f22aee6a5b7b7f0da89bc341421cf660b93ae17c143a4090139d9344a2
- SSDEEP: 6144:Iu7fLcAhELLN89bTam9aUMpzHti4p+ui:IqoAhELp85TamIhNi4U
Static task
- static1

Malware Config
Extracted: danabot
- embedded_hash: 569235DCA8F16ED8310BBACCB674F896
- type: loader

Extracted: vidar
- 55.2
- 937
- https://t.me/slivetalks
- https://c.im/@xinibin420
- profile_id: 937
Targets
- Target: dad2eba4c90ce1e62ba842516e64cacd4daf1d3212bc95ac06a313c48dbefa98 (255KB; hashes as listed under General)
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext