General
-
Target
SecuriteInfo.com.ArtemisAFF6F8C75217.6228.28683
-
Size
1.2MB
-
Sample
210412-tsf6alc8ka
-
MD5
aff6f8c7521796d3bc8fc1059dbe2409
-
SHA1
eaa8368b259beb696d45ba1a69b75bc0d99c8bc9
-
SHA256
826d2e8f10f6991f25dae46522fb53d041a4d740c4ae0a8b570c41c099e9e31f
-
SHA512
cf3de72146e5e3f2efad7ac2982df23f92fa46297c7f161bac38d227eccd35a728a36d90583bdaf81ce5b7427cb108d692d81e2048a6a85115a09a4228f7a64c
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.ArtemisAFF6F8C75217.6228.28683.exe
Resource
win7v20210408
Malware Config
Extracted
danabot
1827
3
192.3.26.107:443
23.106.123.141:443
23.81.246.201:443
23.106.123.185:443
-
embedded_hash
AEF96B4D339B580ABB737F203C2D0F52
Targets
-
-
Target
SecuriteInfo.com.ArtemisAFF6F8C75217.6228.28683
-
Size
1.2MB
-
MD5
aff6f8c7521796d3bc8fc1059dbe2409
-
SHA1
eaa8368b259beb696d45ba1a69b75bc0d99c8bc9
-
SHA256
826d2e8f10f6991f25dae46522fb53d041a4d740c4ae0a8b570c41c099e9e31f
-
SHA512
cf3de72146e5e3f2efad7ac2982df23f92fa46297c7f161bac38d227eccd35a728a36d90583bdaf81ce5b7427cb108d692d81e2048a6a85115a09a4228f7a64c
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-