General
Target: elder.exe
Size: 2.3MB
Sample: 200914-pglhxqh5cx
MD5: e4fc60d76aed36f58af4e8a02ac91887
SHA1: 59565273a6d014865b15e81fdbbed59fc56451f0
SHA256: 7a5bff709af4ad1e50840b0822a91edbec6ab2418e13ef1cdf30e3ea09228590
SHA512: 5e2653cae0d078f1ed4856b196f0956f78c40c270372e1104cdca9c5d86c8e2d17516164d6d9ab7779a038a36753a82f0c1de6b859d4d8e0582d9602c477f19a
Static task: static1
Behavioral task: behavioral1 (sample elder.exe, resource win7)
Malware Config
Extracted configuration (family: danabot), addresses:
89.44.9.132
64.188.23.70
179.43.133.35
45.147.231.218
89.45.4.126
Targets
Target: elder.exe (size and hashes identical to those listed under General above)
- Danabot x86 payload: detection of the Danabot x86 payload, mapped in memory during the execution of its loader.
- Blocklisted process makes network request
- Executes dropped EXE
- Sets DLL path for service in the registry
- Sets service image path in registry
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory