General
Target: -BK-C-CTI.exe
Size: 5.7MB
Sample: 210313-5a26qmzldj
MD5: f714cb42f51d508200da9286c4a171b0
SHA1: 707c7920ade9ac71cc04b4e4dcf99536d76c46a3
SHA256: 4178f235c96e570925dc63c9d4576b49bac66fba0cff227d8f42d691ff0ebf93
SHA512: 50149c3dd12279ffb53ebf1eacd395b2269d20190369c11cad88bb77eefcb7decdb090eb424bf56ccbea66af5a3bde62a13f0c6b8d153309751fab8c1e0bbf7a
Static task: static1
Behavioral task: behavioral1
Sample: -BK-C-CTI.exe.dll
Resource: win7v20201028
Malware Config
Extracted
danabot
1765
192.161.48.5:443
192.3.26.98:443
142.44.224.16:443
192.236.162.42:443
Targets
Blocklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-