General
-
Target
c6368a2237c414cd9c41af9b27a2acc8.exe
-
Size
1.0MB
-
Sample
201109-prlth966wj
-
MD5
c6368a2237c414cd9c41af9b27a2acc8
-
SHA1
e33844796fce61ab2de57487e0f258d5163563e7
-
SHA256
310d801624fa3aec311040427326e4e7d500f6b2a0fbfde77e34df4617c155f1
-
SHA512
995f9fd9aef739cf893409445bf8fcac3e048332341651ebf6a0eaf28f0c29ec345409a18db1791ed4c979bbf9159eb799ae84e004e35b3e2952bd6853544e85
Static task
static1
Behavioral task
behavioral1
Sample
c6368a2237c414cd9c41af9b27a2acc8.exe
Resource
win7v20201028
Malware Config
Extracted
danabot
2.56.213.39
185.238.168.83
185.238.168.174
93.115.20.189
93.115.20.183
5.61.58.130
Targets
-
-
Target
c6368a2237c414cd9c41af9b27a2acc8.exe
-
Size
1.0MB
-
MD5
c6368a2237c414cd9c41af9b27a2acc8
-
SHA1
e33844796fce61ab2de57487e0f258d5163563e7
-
SHA256
310d801624fa3aec311040427326e4e7d500f6b2a0fbfde77e34df4617c155f1
-
SHA512
995f9fd9aef739cf893409445bf8fcac3e048332341651ebf6a0eaf28f0c29ec345409a18db1791ed4c979bbf9159eb799ae84e004e35b3e2952bd6853544e85
-
Danabot x86 payload
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
-
Blocklisted process makes network request
-
Loads dropped DLL
-