General
-
Target
file.exe
-
Size
255KB
-
Sample
221027-kxqwnabfgj
-
MD5
e45c5a6b86f88d05f6a7a803ebfc7d54
-
SHA1
621d16be1446624651204808e26e5e8d216dc11f
-
SHA256
1bef32d79e229d8cc8f78866280f4ccd5f16f599850f02f9db876ed70f4bf482
-
SHA512
cc6224c7d097b9187268113e93f9eef5c9e9571254f518e7b24c15d9e2cbc16f28f10bfb80824243c4989a4d1f2f7e2a01e0b4316e58867a746e7ca15e8d358c
-
SSDEEP
3072:EXi/maJUdsa8HFq56I7X+eRU5RZ3t1uTQefJsQLTIdzE8VN:AYmaJUN4I7q5Rb1oaH
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
danabot
-
embedded_hash
BBBB0DB8CB7E6D152424535822E445A7
-
type
loader
Targets
-
-
Target
file.exe
-
Score
10/10
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-