General
Target: file.exe
Size: 259KB
Sample: 221027-n6weaacad5
MD5: 03898d366da3301b88d2cdf6f943a553
SHA1: f057861de2ec079f7164e056f6eecdb46dd34704
SHA256: 8424efe2ab7d7dc98f0ac1b08425c8cfda74acc054faa032b19c6a906633f2a4
SHA512: a5259808cc6575170d8c56cf4a99ba9dcac8c2b729c60a5ab733ffae780244778e42efc1099a2aaab80cfd9e102675febede0e7c2428805658ab045044cca5ce
SSDEEP: 6144:Kx0H0eEP5XX4foF8XW9JoUww0jvF9y0S:KmH0eEP5xF8Xa50jtJS
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: file.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
danabot
172.86.120.215:443
213.227.155.103:443
103.187.26.147:443
172.86.120.138:443
embedded_hash: BBBB0DB8CB7E6D152424535822E445A7
type: loader
Targets
Target: file.exe
Score: 10/10
Detects Smokeloader packer
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Suspicious use of SetThreadContext