General
-
Target
ccbbf4523eab317ec144a3959a346fc9b414b47ad0d594c384f7be50ffba49c3
-
Size
215KB
-
Sample
221217-1w9kdahg68
-
MD5
9004b6a2345dc6a774f3de67a6729b10
-
SHA1
2637a9a9f737de1a2353307769b93a22a59e0fc5
-
SHA256
ccbbf4523eab317ec144a3959a346fc9b414b47ad0d594c384f7be50ffba49c3
-
SHA512
d360230e5008723586d003cf60549d0dbef3152b20913b1281db5ec4a87aafcc0b5b6be15b592dc2fd5105b2a7e62787a2b4565afdcd499215779970739f71c3
-
SSDEEP
3072:DIZ3cq4LgVZwR0RJpfLGrzKBqj5CEzGQK938/g3xoqNVxRAkFG3ERWR3Le:0Z3P4LgVjvZKKBqjQ6K9Mg3C0QXU0V6
Static task
static1
Behavioral task
behavioral1
Sample
ccbbf4523eab317ec144a3959a346fc9b414b47ad0d594c384f7be50ffba49c3.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
danabot
23.236.181.126:443
123.253.35.251:443
66.85.173.3:443
-
embedded_hash
66969BD52E200846D6BC8C33A6EA3B94
-
type
loader
Targets
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-