General
-
Target
SecuriteInfo.com.Trojan.Coins.Win32.5986.15363.1750
-
Size
1MB
-
Sample
210408-syvyfjckc6
-
MD5
845615bf78874fa55758ce6fa4b36084
-
SHA1
57871e28d04d19bb2f99cfacdc844073418c0d7c
-
SHA256
ec7db23abe0578993c032c1c962db58d72bc1cdcb8401d33e60e92f784defb75
-
SHA512
7d88605095090bb6aebbd27e4ff76be4de8a85be3a33294938c2faa3151bc063b8add8f05f277642e6f8c9395a136757439943912ba704121e0fbb095462ff5d
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.Coins.Win32.5986.15363.1750.exe
Resource
win7v20201028
Malware Config
Extracted
danabot
1827
3
23.106.123.249:443
23.106.123.141:443
23.254.225.170:443
134.119.186.216:443
-
embedded_hash
AEF96B4D339B580ABB737F203C2D0F52
Targets
-
-
Target
SecuriteInfo.com.Trojan.Coins.Win32.5986.15363.1750
-
Size
1MB
-
MD5
845615bf78874fa55758ce6fa4b36084
-
SHA1
57871e28d04d19bb2f99cfacdc844073418c0d7c
-
SHA256
ec7db23abe0578993c032c1c962db58d72bc1cdcb8401d33e60e92f784defb75
-
SHA512
7d88605095090bb6aebbd27e4ff76be4de8a85be3a33294938c2faa3151bc063b8add8f05f277642e6f8c9395a136757439943912ba704121e0fbb095462ff5d
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-