General
-
Target
a2055fc32a716d366a3876f3437577271327f4047d6b776c48194475f207693b
-
Size
260KB
-
Sample
221027-n9hbtscae5
-
MD5
54dc9b526b83ce015973964d899fd3f2
-
SHA1
2c1feacf643996927e59a7b9b8617d45082daa86
-
SHA256
a2055fc32a716d366a3876f3437577271327f4047d6b776c48194475f207693b
-
SHA512
1083ea45b0db6114bdc8df66ccdf5ce6f8e96962881acfc7305bc4bbdbecc4260134caa8af902079cd898967407c1c625b040abf7900f8d80d186d9ae6e3dc8d
-
SSDEEP
3072:5XDkaESc280jt0OwBFp4577+BVTFdYHIbXZug3rYYYzMTifl0K3:dSSNxt5wBFgKTLYHIYYrYYval0A
Static task
static1
Behavioral task
behavioral1
Sample
a2055fc32a716d366a3876f3437577271327f4047d6b776c48194475f207693b.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
danabot
-
embedded_hash
BBBB0DB8CB7E6D152424535822E445A7
-
type
loader
Targets
-
-
Target
a2055fc32a716d366a3876f3437577271327f4047d6b776c48194475f207693b
-
Score
10/10
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-