General
-
Target
file.exe
-
Size
214KB
-
Sample
221218-j8fdmabb43
-
MD5
3c1a4982815bb6549cd30e514e271fd6
-
SHA1
de2809b05f50c3fa5bebaaa2bee9712724ace615
-
SHA256
8c2b6a9ecd611098ab7b36a90a6ba13d4e04e5cd833da3830ee603f8924ced0b
-
SHA512
49e05c67daa6cd295d66058d6422925876689c8d1876ec267d06fe1c0af33b485382198c7f65c04ff0d35c35f404ca97a0ff7dd49b6de57e70877c41a447ddf1
-
SSDEEP
3072:AqMK6lL0BwRYyxiV/lZ39cB9JjN/IHYzKNwz8/g3xod4ROaBG3ERWR3LV:NMtlL0byGZ39UJqH0Qg3Cd4oagU0VB
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
danabot
23.236.181.126:443
123.253.35.251:443
66.85.173.3:443
-
embedded_hash
8F56CD73F6B5CD5D7B17B0BA61E70A82
-
type
loader
Targets
-
-
Target
file.exe
-
Size
214KB
-
MD5
3c1a4982815bb6549cd30e514e271fd6
-
SHA1
de2809b05f50c3fa5bebaaa2bee9712724ace615
-
SHA256
8c2b6a9ecd611098ab7b36a90a6ba13d4e04e5cd833da3830ee603f8924ced0b
-
SHA512
49e05c67daa6cd295d66058d6422925876689c8d1876ec267d06fe1c0af33b485382198c7f65c04ff0d35c35f404ca97a0ff7dd49b6de57e70877c41a447ddf1
-
SSDEEP
3072:AqMK6lL0BwRYyxiV/lZ39cB9JjN/IHYzKNwz8/g3xod4ROaBG3ERWR3LV:NMtlL0byGZ39UJqH0Qg3Cd4oagU0VB
Score10/10-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-