General
-
Target
file.exe
-
Size
260KB
-
Sample
221027-qcmldsccdk
-
MD5
0e1fe87be46c53d4ebe64ad3a9bebd26
-
SHA1
b0e585dc1ae1746bcad3f8c32b8d1487d3a99132
-
SHA256
6def751fed7bca16da66d7c1c370d283c8288331641ead7fa599890bc4e5bb16
-
SHA512
cac0e6a7848a1c7c1d1476ffc28ba338e78b0a4d3765c2dc5b2273821078340a71c31e08a27d14e7915764345acdf8c18e3a2de864de1c52d2271d7ed4ac96fc
-
SSDEEP
6144:eWHs2P/6Whqj2vBLTkKGQQCRTvQl7r0U:egs2P/6WsKBgeRTwA
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
danabot
-
embedded_hash
BBBB0DB8CB7E6D152424535822E445A7
-
type
loader
Targets
-
-
Target
file.exe
Score
10/10
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-