General
-
Target
d42f6a92fba957c4fe878c4849170e8fefe4b75034e29871e41f424154f05b32
-
Size
256KB
-
Sample
221027-hzfscsbda5
-
MD5
bd9ff58497229f7015c3cd287022cfd4
-
SHA1
c499d10e11d190138661c4a9986711328c2ebfc1
-
SHA256
d42f6a92fba957c4fe878c4849170e8fefe4b75034e29871e41f424154f05b32
-
SHA512
14ca1bc35b93af8525b42758ba985d434acc4bb4a02847f83c35ad444120f88a79e2f7f9299215e75dfb61cf4ec8a5e65be19e0a894e78ad26f613b0277fd251
-
SSDEEP
3072:ZXidljmYml8C6d+X6KZRf08bQG6r7hF7xA+aUvRHLZUQQpFzi62QRfQ6fJLuKAe:9qjm4m6KVb6r7LlAO5HLZUQQpFmIQSf
Static task
static1
Behavioral task
behavioral1
Sample
d42f6a92fba957c4fe878c4849170e8fefe4b75034e29871e41f424154f05b32.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
danabot
-
embedded_hash
BBBB0DB8CB7E6D152424535822E445A7
-
type
loader
Targets
-
-
Target
d42f6a92fba957c4fe878c4849170e8fefe4b75034e29871e41f424154f05b32
-
Score
10/10
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-