General
-
Target
file.exe
-
Size
213KB
-
Sample
221218-bbg7ysac36
-
MD5
a1c9a67736cb6a5f5cc8ef0d2cc18a77
-
SHA1
eea448dd8ff1eda01c89a12719e9852e702f75f6
-
SHA256
be6d8fb079edde785e2c8aad62460ea5bef26bc82ea25eec043ccb8ebbbe37ec
-
SHA512
620370bd6b85f3dc745ef8185fbe65f504400a1f1151fe29128ba826f8896e215aace629c3e30f38fad29bbf83b133bb1275052867c7ac750d28d32993bb2ee5
-
SSDEEP
3072:u81aRudfDLppHZwRqe1p9pn3ch5Z4A+zfN8/g3xoNu0WdPIpb3G3ERWR3Le:JARGbLpNw1LCcOg3CNTYQpbWU0V6
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
danabot
23.236.181.126:443
123.253.35.251:443
66.85.173.3:443
-
embedded_hash
8F56CD73F6B5CD5D7B17B0BA61E70A82
-
type
loader
Targets
-
-
Target
file.exe
-
Score
10/10
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-