General
-
Target
b1a0e13af901eb4730c04e0162bcc470.exe
-
Size
6.0MB
-
Sample
210318-kgqs6taqta
-
MD5
b1a0e13af901eb4730c04e0162bcc470
-
SHA1
b5acb4bb5be306229d1d088ffb5c489447de0e13
-
SHA256
cf0a8e3f14b2483a5b62385f141d63314f239cbd604b87748feb9c53627c4a8d
-
SHA512
094925316433086d89103c96f05b6608fc9c6440710174d6d45046555059eeec94523d3b202bdd4aaf0c1a44dc95f4d4e4e8158d5e52cfc64450fb4517f5b088
Static task
static1
Behavioral task
behavioral1
Sample
b1a0e13af901eb4730c04e0162bcc470.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
b1a0e13af901eb4730c04e0162bcc470.exe
Resource
win10v20201028
Malware Config
Extracted
danabot
1765
142.44.224.16:443
23.106.123.117:443
192.3.26.98:443
192.161.48.5:443
Targets
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-