General
Target: 03abd9bc9bfc7560be751b652bcb75a0ce715d37498dd2e1090211f192786dbb
Size: 214KB
Sample: 221218-vc4xwsch49
MD5: 1efc6d42fc23586e2d8e66846c82345c
SHA1: 023304a5fdce7ce9367f68f36bb4c74957bcf22e
SHA256: 03abd9bc9bfc7560be751b652bcb75a0ce715d37498dd2e1090211f192786dbb
SHA512: dab02b8abe0ee84477434f19e6fdc903274ab60c3ed27bd2c1fd5555aeb0f2bcba16bc82308afafa36f78d660f04167625f020604552252415f05bb928fd995b
SSDEEP: 3072:IwiPBLO17R9B7+ODcyXQUkNcg3u3HOil3lk025PH:1cL09iasN9+3jlVklPH
Static task
static1
Malware Config
Extracted
danabot
23.236.181.126:443
123.253.35.251:443
66.85.173.3:443
embedded_hash: 8F56CD73F6B5CD5D7B17B0BA61E70A82
type: loader
Targets
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext