General
Target: hosts.exe
Size: 6.0MB
Sample: 210409-2dgeh4hsaj
MD5: b768a6b0c597fa083d90582e77de79e7
SHA1: 47c4e14037d68de788fbe661d7cd28f3434d1ad7
SHA256: 8b6517bf35e770e8ba3d0e248c9cd1545e0a2a9234f0ff9746853b5111cbe172
SHA512: 12d56bf6cb1c48b0cbba4cb6eeb6eec6222f175304994370978ec91cb482f9b8b91573af0f48c77a42a327abde50d1a737494528a29ccf471ea984ce6b654b10
Static task: static1
Behavioral task: behavioral1
Sample: hosts.exe
Resource: win7v20201028
Malware Config
Extracted
danabot
1827
3
23.106.123.249:443
23.106.123.141:443
23.254.225.170:443
134.119.186.216:443
embedded_hash: AEF96B4D339B580ABB737F203C2D0F52
Targets
Target: hosts.exe
- Blocklisted process makes network request
- Deletes itself
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)