General

Target: 88ddae9c0cc427a471e258cfd2a991a779a1d368681844eee4c878a4b29855cd
Size: 214KB
Sample: 221217-1hl7xshg27
MD5: ff5f44efb56f722020deeb3680fa3129
SHA1: 2d6bba466c5cc507320e40006997c6cad19e5094
SHA256: 88ddae9c0cc427a471e258cfd2a991a779a1d368681844eee4c878a4b29855cd
SHA512: cf24c319363c14ccb99c0c2ca3bde07cc687e8f4fd948742f103889d1aa2ea88b3d72ae344533f4f363a01185890c6ee46ec4111df76ce6a469de26353ed70af
SSDEEP: 3072:rOnyOn0WLymZ8Raxyvf4//vX4cgfQ+SHFSo3tJ68/g3xobiV1kG3ERWR3Le:ryl0WLymQtcgfoFXtpg3CbmvU0V6
Static task: static1
Behavioral task: behavioral1
Sample: 88ddae9c0cc427a471e258cfd2a991a779a1d368681844eee4c878a4b29855cd.exe
Resource: win10v2004-20221111-en
Malware Config

Extracted (danabot):
49.0.50.0:57
51.0.52.0:0
53.0.54.0:1200
55.0.56.0:65535
Type: loader

Caveat on the extracted config: these four endpoints are not credible C2 addresses. Ports 0 and 65535 are not plausible listener ports, and the address octets read in order (49, 0, 50, 0, 51, 0, 52, 0, ...) are exactly the UTF-16LE bytes of the ASCII digits "1" through "8", which is what a config extractor produces when it walks a text string as if it were fixed-size address records. Treat the danabot tag and these IoCs as unconfirmed until the config is decoded by hand; the behavioural signatures below point at a Smokeloader packer instead.
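The plausibility check described above, as an added example that is not part of the sandbox report or its extractor: it takes the four endpoints exactly as listed on this page, re-serialises the address octets, tries to read them as UTF-16LE text, and flags ports that no real listener would use. The helper names and the "credible" verdict are this example's own; the second list in the usage note is a constructed, documentation-range control case.

```python
import ipaddress

# Endpoints exactly as listed in this report's "Extracted" block (copied from the page).
EXTRACTED = ["49.0.50.0:57", "51.0.52.0:0", "53.0.54.0:1200", "55.0.56.0:65535"]


def parse_endpoint(entry: str) -> tuple[str, int]:
    """Split 'a.b.c.d:port' into (host, port); raises on a malformed entry."""
    host, sep, port = entry.rpartition(":")
    if not sep:
        raise ValueError(f"no port in {entry!r}")
    ipaddress.IPv4Address(host)  # validates the dotted quad, raises otherwise
    return host, int(port)


def octets_to_bytes(entries):
    """Re-serialise the address octets in list order, the way an extractor walked them."""
    return b"".join(
        bytes(int(o) for o in parse_endpoint(e)[0].split(".")) for e in entries
    )


def decode_as_text(raw: bytes):
    """Return the UTF-16LE decoding if every character is printable ASCII, else None."""
    if len(raw) % 2:
        return None
    try:
        text = raw.decode("utf-16-le")
    except UnicodeDecodeError:
        return None
    return text if text and all(32 <= ord(c) < 127 for c in text) else None


def implausible_ports(entries):
    """Entries whose port is 0 or 65535: neither is a realistic C2 listener port."""
    return [e for e in entries if parse_endpoint(e)[1] in (0, 65535)]


def zero_padded_octets(entries):
    """Entries where the 2nd and 4th octets are zero, the footprint of 16-bit text read as IPv4."""
    out = []
    for e in entries:
        octets = [int(o) for o in parse_endpoint(e)[0].split(".")]
        if octets[1] == 0 and octets[3] == 0:
            out.append(e)
    return out


def assess(entries):
    """Summarise why the list is, or is not, credible as a C2 list (this example's own verdict)."""
    text = decode_as_text(octets_to_bytes(entries))
    return {
        "decoded_text": text,
        "implausible_ports": implausible_ports(entries),
        "zero_padded": zero_padded_octets(entries),
        "credible": text is None and not implausible_ports(entries),
    }


if __name__ == "__main__":
    for key, value in assess(EXTRACTED).items():
        print(f"{key}: {value}")
```

Run against the page's four entries the octets decode to the string "12345678" and two of the four ports are implausible, so the verdict is not credible; a control list such as `["203.0.113.5:443", "198.51.100.9:8443"]` (constructed from documentation ranges) decodes to non-ASCII and passes.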
Targets

Target: 88ddae9c0cc427a471e258cfd2a991a779a1d368681844eee4c878a4b29855cd (214KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10

Signatures:
- Detects Smokeloader packer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger: NtSetInformationThread called with the ThreadHideFromDebugger information class, an anti-debugging technique that stops the thread's debug events from reaching an attached debugger.
- Suspicious use of SetThreadContext: rewriting another thread's context is the usual way to redirect execution in a suspended process, as in process hollowing.
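How the last three signatures above can be derived from an API trace, as an added example that is not the sandbox's own detection code: the trace lines and their `pid api(args) -> ret` format are constructed for this example, the registry path `Control Panel\International\Geo` is the key this example assumes the geofence lookup reads, and the rule names are this example's own. The value 0x11 for the ThreadHideFromDebugger information class is the documented THREADINFOCLASS value.

```python
import re
from collections import defaultdict

# Documented THREADINFOCLASS value for ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Constructed API-trace lines in a hypothetical "pid api(args) -> ret" format.
# This is NOT the sandbox's real log format.
TRACE = "\n".join([
    r'1840 NtSetInformationThread(ThreadHandle=0xffffffff, ThreadInformationClass=0x11, Length=0) -> 0',
    r'1840 RegOpenKeyExW(HKEY_CURRENT_USER, "Control Panel\International\Geo") -> 0',
    r'1840 RegQueryValueExW(0x2c4, "Nation") -> 0',
    r'1840 CreateProcessW("C:\Users\user\AppData\Local\Temp\abcd.exe", CREATE_SUSPENDED) -> 1',
    r'1840 SetThreadContext(ThreadHandle=0x2f0) -> 1',
    r'2044 GetSystemTimeAsFileTime() -> 0',
])

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)\s*->\s*(?P<ret>\S+)$")


def parse_trace(trace: str):
    """Turn trace text into call records; lines that do not fit the format are skipped."""
    calls = []
    for number, line in enumerate(trace.splitlines(), 1):
        m = LINE_RE.match(line)
        if m:
            calls.append({"line": number, "pid": int(m["pid"]),
                          "api": m["api"], "args": m["args"]})
    return calls


def info_class(args: str):
    """Pull the ThreadInformationClass value (hex or decimal) out of an argument string."""
    m = re.search(r"ThreadInformationClass=(0x[0-9a-fA-F]+|\d+)", args)
    return int(m.group(1), 0) if m else None


def match_signatures(trace: str):
    """Map rule name -> trace line numbers that fired it."""
    hits = defaultdict(list)
    suspended = set()  # pids that spawned a child with CREATE_SUSPENDED
    for call in parse_trace(trace):
        api, args, pid = call["api"], call["args"], call["pid"]
        # Anti-debug: hide the thread from an attached debugger.
        if api == "NtSetInformationThread" and info_class(args) == THREAD_HIDE_FROM_DEBUGGER:
            hits["hide_from_debugger"].append(call["line"])
        # Geofence: any registry API touching the assumed geo-location key.
        if api.startswith("Reg") and "International\\Geo" in args:
            hits["geo_lookup"].append(call["line"])
        if api == "CreateProcessW" and "CREATE_SUSPENDED" in args:
            suspended.add(pid)
        # Context rewrite on its own is suspicious; after a suspended spawn it looks like hollowing.
        if api == "SetThreadContext":
            hits["set_thread_context"].append(call["line"])
            if pid in suspended:
                hits["possible_process_hollowing"].append(call["line"])
    return dict(hits)


if __name__ == "__main__":
    for rule, lines in sorted(match_signatures(TRACE).items()):
        print(f"{rule}: lines {lines}")
```

The ordering rule matters: SetThreadContext fires on its own, but the stronger "possible_process_hollowing" verdict needs the same process to have created a suspended child earlier in the trace, so a trace that only rewrites its own thread's context does not get it.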