General
-
Target
9c76302f9096c0f7f9474d495607ef306dc101b9cbbdd652d99c137d88426ac0
-
Size
213KB
-
Sample
221218-bjdvhadb8t
-
MD5
e19e872d0ea3c395f5e207bda52da9e8
-
SHA1
402ab88f125ad2a34b5295d8e33e59e09621f139
-
SHA256
9c76302f9096c0f7f9474d495607ef306dc101b9cbbdd652d99c137d88426ac0
-
SHA512
04074d29322d85c8a70cd0fce4696055212b36c25b31f4a8362593376b4e144cbdc54764f9b2a3b03f8882a35225488acd14f15cc6f59da9a71d6759a940bd35
-
SSDEEP
3072:nibd0YGML5NShZwR50lci7CQKIW99Snh8/g3xoAduMG3ERWR3LV:ed07MLLSh7l7E6Gg3CnU0VB
Static task
static1
Behavioral task
behavioral1
Sample
9c76302f9096c0f7f9474d495607ef306dc101b9cbbdd652d99c137d88426ac0.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
danabot
23.236.181.126:443
123.253.35.251:443
66.85.173.3:443
-
embedded_hash
46074984462FB8A91EB57ACE680A2020
-
type
loader
Targets
-
-
Target
9c76302f9096c0f7f9474d495607ef306dc101b9cbbdd652d99c137d88426ac0
-
Size
213KB
-
MD5
e19e872d0ea3c395f5e207bda52da9e8
-
SHA1
402ab88f125ad2a34b5295d8e33e59e09621f139
-
SHA256
9c76302f9096c0f7f9474d495607ef306dc101b9cbbdd652d99c137d88426ac0
-
SHA512
04074d29322d85c8a70cd0fce4696055212b36c25b31f4a8362593376b4e144cbdc54764f9b2a3b03f8882a35225488acd14f15cc6f59da9a71d6759a940bd35
-
SSDEEP
3072:nibd0YGML5NShZwR50lci7CQKIW99Snh8/g3xoAduMG3ERWR3LV:ed07MLLSh7l7E6Gg3CnU0VB
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-