General
-
Target
SecuriteInfo.com.Ransom.Stop.P6.19307.25815
-
Size
5.8MB
-
Sample
210408-r95n8mcjcs
-
MD5
2fbdd54155f2cf4b6f41bf5e92d74696
-
SHA1
3bafc4377abf9433acce914de93f18f29c66a3c8
-
SHA256
4cf8cd89929828f99642b9992f5479dd7ef217ae9cdbddfd9a2b17300ddee655
-
SHA512
a10a1e63ab67187caa6edd81e418a29fa56262ad3a196e0e54e341cebb38347242efe3265b79ed8eaf25ffbaf7a3d4aa72820c1e336593caf11ebcafe2a32915
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Ransom.Stop.P6.19307.25815.exe
Resource
win7v20201028
Malware Config
Extracted
danabot
1827
3
23.106.123.249:443
23.106.123.141:443
23.254.225.170:443
134.119.186.216:443
-
embedded_hash
AEF96B4D339B580ABB737F203C2D0F52
Targets
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-