General
Target: e01e28981c3fd3e9a1c4e80f85185813e846cc3542ce230ff107b6159be92380
Size: 255KB
Sample: 221025-wf2sdadddl
MD5: a5e10a6d9c533b516b74063b676ae10f
SHA1: 5d06b940050e32bedbc0873baf80b04a5cffa676
SHA256: e01e28981c3fd3e9a1c4e80f85185813e846cc3542ce230ff107b6159be92380
SHA512: 3d52a81ed8ade13dba35ea981768e956e8e6ec1ab6b4d49b66ca507544ef9bd484ed03bb76d100c40c83e23d751536c8617062726bae29ad042f6bf27fc8536a
SSDEEP: 3072:VXVl+N488LHSFiphELLN8uRWmP6HFKTf/4cEFdHa6NfL7EIFlMdPmbu:RD7fLcAhELLN8tmgKTfAcEFrqIrGD
Static task: static1
Malware Config
Extracted: danabot
embedded_hash: 569235DCA8F16ED8310BBACCB674F896
type: loader
Extracted: vidar
55.2
937
https://t.me/slivetalks
https://c.im/@xinibin420
profile_id: 937
Targets
Target: e01e28981c3fd3e9a1c4e80f85185813e846cc3542ce230ff107b6159be92380
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext