General
- Target: d4d01150e1b27e9c943097cbbe90aa7fa7c17bcc62b71d105ad82c5ecdbdb6d4
- Size: 259KB
- Sample: 221027-lyy44abggp
- MD5: 01b0557075e5b6a6f1839a2a2095633b
- SHA1: 2c6c930e83ded8a90ee526d03ab1929d3bde07a7
- SHA256: d4d01150e1b27e9c943097cbbe90aa7fa7c17bcc62b71d105ad82c5ecdbdb6d4
- SHA512: 8cd53ca386090dc38d1317828c3a9efb7abf41234c60032ceffaca09ca0b0883c5d73c763ca87e324b7eb26909f37fdc30e967615aef078277c2a5fb2d57e3ee
- SSDEEP: 3072:5XGVUAyT6kb0EaxybS5ZSaEDMKxRQ4tDViN083FA0RvDl6aur0Kc:dr5TPjaxy2SfW08VA0Rv3W0
Static task: static1
Malware Config
Extracted: danabot
- 172.86.120.215:443
- 213.227.155.103:443
- 103.187.26.147:443
- 172.86.120.138:443
- 49.0.50.0:57
- 51.0.52.0:0
- 53.0.54.0:1200
- 55.0.56.0:65535
- embedded_hash: BBBB0DB8CB7E6D152424535822E445A7
- type: loader
Extracted: systembc
- 45.182.189.231:443
Targets
- Target: d4d01150e1b27e9c943097cbbe90aa7fa7c17bcc62b71d105ad82c5ecdbdb6d4
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Suspicious use of SetThreadContext