General
Target: siri_2
Size: 2.6MB
Sample: 201111-xxsylzpbys
MD5: 77bf0712c5776c3bd6357e061c38141a
SHA1: ee397840293b249addcc17d5e36fd49013773716
SHA256: 344008f54e17556e7ec3fa01039b58cf21f66d0fa9fe6f8ecf4bc0f077839539
SHA512: 585449d790da3584f5930941064d9b5e2a4692c155d8a28dba83901bb48de9ebcede8f7d5eb13adb2b15fd18448776402fd982473fee9b58bcd699dd35850eea
Static task: static1
Behavioral task: behavioral1
Sample: siri_2.exe
Resource: win7v20201028
Malware Config
Extracted
danabot
93.115.21.232
109.200.24.21
93.115.21.236
Targets
Target: siri_2
Danabot x86 payload
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Loads dropped DLL
-