General
-
Target
intercom.exe
-
Size
5.9MB
-
Sample
210410-fdn7py1pgx
-
MD5
aa93361d01ad033f88e422a2c845b045
-
SHA1
3bc3c157a3a0e0a1e558458c818345f19cc8112a
-
SHA256
13f4892e2108e176a73353d8e5b0d1a7c1721eb41b11921ee01300419373b374
-
SHA512
6fa96cc15642d0869bf90417695332e8a984048bf6e13beb6a7d8fa494386c957d5e960df028157d76d6d915df3bf728c3bf9cfdadfa8e7e86bad6eb51ce8c23
Static task
static1
Behavioral task
behavioral1
Sample
intercom.exe
Resource
win7v20210408
Malware Config
Extracted
danabot
1827
3
193.34.167.88:443
192.3.26.107:443
23.81.246.201:443
134.119.186.216:443
-
embedded_hash
AEF96B4D339B580ABB737F203C2D0F52
Targets
-
-
Target
intercom.exe
-
Size
5.9MB
-
MD5
aa93361d01ad033f88e422a2c845b045
-
SHA1
3bc3c157a3a0e0a1e558458c818345f19cc8112a
-
SHA256
13f4892e2108e176a73353d8e5b0d1a7c1721eb41b11921ee01300419373b374
-
SHA512
6fa96cc15642d0869bf90417695332e8a984048bf6e13beb6a7d8fa494386c957d5e960df028157d76d6d915df3bf728c3bf9cfdadfa8e7e86bad6eb51ce8c23
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-