General
-
Target
file.exe
-
Size
214KB
-
Sample
221218-jnp3bsba49
-
MD5
94ce7e3bc61e8f5825b3416dccd1c481
-
SHA1
699b3330bbcdb08df4e5ee3c4e2343b33bb957bd
-
SHA256
451ec0852088a55084102632e636204feef0989fabe57dc0cb602c4173dc48fa
-
SHA512
1caf1d8d4ebdf2caafa092484d03653823c85e394531cea2e00937f5b38c75fe17b1ba86d810bdc6f95f0e5b0d8f6b21afdad260f278331e211095262649f8e9
-
SSDEEP
6144:Lf25OL4bdsVV2jEjxrxwRGgg3CwVpU0VB:Lf2AUxsVVQEjxfvSwVqO
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Malware Config
Extracted
danabot
23.236.181.126:443
123.253.35.251:443
66.85.173.3:443
-
embedded_hash
8F56CD73F6B5CD5D7B17B0BA61E70A82
-
type
loader
Targets
-
-
Target
file.exe
-
Size
214KB
-
MD5
94ce7e3bc61e8f5825b3416dccd1c481
-
SHA1
699b3330bbcdb08df4e5ee3c4e2343b33bb957bd
-
SHA256
451ec0852088a55084102632e636204feef0989fabe57dc0cb602c4173dc48fa
-
SHA512
1caf1d8d4ebdf2caafa092484d03653823c85e394531cea2e00937f5b38c75fe17b1ba86d810bdc6f95f0e5b0d8f6b21afdad260f278331e211095262649f8e9
-
SSDEEP
6144:Lf25OL4bdsVV2jEjxrxwRGgg3CwVpU0VB:Lf2AUxsVVQEjxfvSwVqO
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-