General
-
Target
d3724cfecd9a047a6c14bb98539dcad6b2bdc1bce1ce78fb0e87ceca4bcf162a
-
Size
261KB
-
Sample
221027-sl48xacfcm
-
MD5
520d3825e03e2376fa5fcea29ef5649d
-
SHA1
337ca41b2cc1ebbf4c29e241a7cf89975bdbf343
-
SHA256
d3724cfecd9a047a6c14bb98539dcad6b2bdc1bce1ce78fb0e87ceca4bcf162a
-
SHA512
a6663e5c2bf81c5135cef5e7c62eda32de35f924d716d5e29635f7d44ebf6ccba2e75a8675823f0e28caa012c643a9f437a7030a044f2f8cc4697cc4eebb2929
-
SSDEEP
3072:aXajWcuBO030RoCJbl45F7UUmez4+qwWylMOBdQnPyH9I3wOYH0KC:6nlB/+oCJbqm44+1WJOBsPMI3w7H01
Static task
static1
Behavioral task
behavioral1
Sample
d3724cfecd9a047a6c14bb98539dcad6b2bdc1bce1ce78fb0e87ceca4bcf162a.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
danabot
-
embedded_hash
BBBB0DB8CB7E6D152424535822E445A7
-
type
loader
Targets
-
-
Target
d3724cfecd9a047a6c14bb98539dcad6b2bdc1bce1ce78fb0e87ceca4bcf162a
-
Score
10/10
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-