General
-
Target
file.exe
-
Size
214KB
-
Sample
221218-t6321sfg2t
-
MD5
10dda4f5ca21a100702ec74586292940
-
SHA1
d606b9c76b65ecd819029e437edee962ecf0f552
-
SHA256
4a48aefe337d614bc00c6d90133fdbd7b3500ed41301ac6aa1c9a1d8ee10dbd8
-
SHA512
bfcae12d4692d5e054e4c621ebb853cfb4c7adba8c42d464db92519b51762f6036e848eef033a8298fa38df13d025f04c310f20d29a61fa970ec716e9eea0b60
-
SSDEEP
3072:avYb9Ly5VwrRCon124MqAtO1gfH03hI0g3uaHzNa3zHOil3lk025PH:0aLy0son1UjEWF+aAjlVklPH
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
danabot
23.236.181.126:443
123.253.35.251:443
66.85.173.3:443
-
embedded_hash
8F56CD73F6B5CD5D7B17B0BA61E70A82
-
type
loader
Targets
-
Target
file.exe
Score
10/10
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-