General
- Target: SecuriteInfo.com.Trojan.Agent.FFIJ.17175.13295
- Size: 1.3MB
- Sample: 210409-w5hets842x
- MD5: 625f3b9a2f255d228cb4b4d8a75f6f82
- SHA1: 13053846128c57a07c42ee0c5340d185a82a1644
- SHA256: 97d497e3e5e60db871dfde169070847b7067fcd409f9dbed19584c3b64ac9ac9
- SHA512: a8e5c64217ded4a00e81ecff3c37fef79042d5f003a0b40d5584ef66c7e5834ccd352eebbe69866b7adae3a8c658b270e2e41acecb5ed25005ee82989cbfd3ba
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Trojan.Agent.FFIJ.17175.13295.exe
- Resource: win7v20201028
Malware Config
Extracted
danabot
1827
3
193.34.167.88:443
192.210.198.12:443
23.81.246.201:443
192.3.26.107:443
- embedded_hash: AEF96B4D339B580ABB737F203C2D0F52
Targets
- Target: SecuriteInfo.com.Trojan.Agent.FFIJ.17175.13295
- Blocklisted process makes network request
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.