General
-
Target
4ce542d14230b8774aef2b7b7336070404ce1e530b0df045a874d0d1e514fc41
-
Size
260KB
-
Sample
221027-snvr9acfcr
-
MD5
e5f370f8c44209601142c1cd8e59feeb
-
SHA1
970c6e81697043ac2a28f408bf3aadcd868fd93e
-
SHA256
4ce542d14230b8774aef2b7b7336070404ce1e530b0df045a874d0d1e514fc41
-
SHA512
75056a46a0e22c5909d4e29faab8f510444b1a30f20214d32cf0a17d6ad04d089badcc0e548f32f84ffcd7ba6bfe313c6530cd14bcc5fae11e91d8f5ae7812f7
-
SSDEEP
3072:JXKhvYc10U0hP/6m1h45F8X1H4tYcPN9yX2MjPoQ8Sa7Xob0Ko:tkH/2P/6m1eaJ4d2GCaG0T
Static task
static1
Behavioral task
behavioral1
Sample
4ce542d14230b8774aef2b7b7336070404ce1e530b0df045a874d0d1e514fc41.exe
Resource
win10-20220812-en
Malware Config
Extracted
danabot
-
embedded_hash
BBBB0DB8CB7E6D152424535822E445A7
-
type
loader
Targets
-
-
Target
4ce542d14230b8774aef2b7b7336070404ce1e530b0df045a874d0d1e514fc41
Score
10/10
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Suspicious use of SetThreadContext
-