General
-
Target
file.exe
-
Size
259KB
-
Sample
221027-mtys7sbha9
-
MD5
01b0557075e5b6a6f1839a2a2095633b
-
SHA1
2c6c930e83ded8a90ee526d03ab1929d3bde07a7
-
SHA256
d4d01150e1b27e9c943097cbbe90aa7fa7c17bcc62b71d105ad82c5ecdbdb6d4
-
SHA512
8cd53ca386090dc38d1317828c3a9efb7abf41234c60032ceffaca09ca0b0883c5d73c763ca87e324b7eb26909f37fdc30e967615aef078277c2a5fb2d57e3ee
-
SSDEEP
3072:5XGVUAyT6kb0EaxybS5ZSaEDMKxRQ4tDViN083FA0RvDl6aur0Kc:dr5TPjaxy2SfW08VA0Rv3W0
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
danabot
172.86.120.215:443
213.227.155.103:443
103.187.26.147:443
172.86.120.138:443
-
embedded_hash
BBBB0DB8CB7E6D152424535822E445A7
-
type
loader
Targets
-
-
Target
file.exe
-
Score
10/10
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-