General
-
Target
file.exe
-
Size
214KB
-
Sample
221217-x9hf9shc87
-
MD5
2d0c7c4ee53da3f8da010c55c53404fb
-
SHA1
da540524373b80cd1bc03bf94bfa8e513c2f3b1a
-
SHA256
44663130dda69ac26c3e8425c7b7a55fa17287afee9e76698679e978c843a9cd
-
SHA512
9b17d94596797a8a697bc1c32d71c7311d7d354b8ddaabc35182ca0ec6ea62bddd646ed2d2d8c36ebacd41a2cb12deb794e59fe7aaaed50b31edd577120f55dc
-
SSDEEP
3072:yiZCQ+nL0NZ8RXQZFDByc4e6j4x2RH8/g3xoRabKr0ODG3ERWR3Le:yQCjnL0NeQZFDs4x2R8g3CR6s0JU0V6
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
danabot
49.0.50.0:57
51.0.52.0:0
53.0.54.0:1200
55.0.56.0:65535
-
type
loader
Targets
-
Target
file.exe
-
Score
10/10
-
Detects Smokeloader packer
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-