General
-
Target
586b6b985abf0ac8b8e6cbf065e59989783409c9a5a390db3e9c1310da4c07a4
-
Size
6.0MB
-
Sample
210412-lv3ym26nkx
-
MD5
233d9fd5a7f914b37db9921758aec1eb
-
SHA1
903ffecd586cd71cd83d87bffb6384b6d87ec743
-
SHA256
586b6b985abf0ac8b8e6cbf065e59989783409c9a5a390db3e9c1310da4c07a4
-
SHA512
ab2b207ed84dc603f759200e174dfc8e6ef902adf64ba4fbbdd3b0f5a8cfc33f2ee621034d7a381a577b97fd9e9d52ffbea748795095b49ded2eb19f87c56631
Static task
static1
Behavioral task
behavioral1
Sample
586b6b985abf0ac8b8e6cbf065e59989783409c9a5a390db3e9c1310da4c07a4.exe
Resource
win7v20210408
Malware Config
Extracted
danabot
1827
3
23.106.123.141:443
23.254.225.170:443
193.34.167.88:443
23.106.123.185:443
-
embedded_hash
AEF96B4D339B580ABB737F203C2D0F52
Targets
-
-
Target
586b6b985abf0ac8b8e6cbf065e59989783409c9a5a390db3e9c1310da4c07a4
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-