General
-
Target
5c30bed6985b8603b6c797f141abfa85.exe
-
Size
1.2MB
-
Sample
210415-d6fw9ej86j
-
MD5
5c30bed6985b8603b6c797f141abfa85
-
SHA1
670a3c1243aec4701d036cb3bace2761f8768f13
-
SHA256
3688577e500b07cc1818d4c994651f791659efbf8ef3ff88329f25c4f65aba24
-
SHA512
869f3b40e84907ae1628cf3902d6cb1f207587d3535817d11f0c0c26b740f76868910912e4b135563ab612998d9b64d4de3b6a7dd20225fd9f1264b4148227cf
Static task
static1
Behavioral task
behavioral1
Sample
5c30bed6985b8603b6c797f141abfa85.exe
Resource
win7v20210408
Malware Config
Extracted
danabot
1827
3
192.210.198.12:443
23.106.123.185:443
192.236.147.83:443
23.106.123.141:443
-
embedded_hash
AEF96B4D339B580ABB737F203C2D0F52
Targets
-
-
Target
5c30bed6985b8603b6c797f141abfa85.exe
-
Size
1.2MB
-
MD5
5c30bed6985b8603b6c797f141abfa85
-
SHA1
670a3c1243aec4701d036cb3bace2761f8768f13
-
SHA256
3688577e500b07cc1818d4c994651f791659efbf8ef3ff88329f25c4f65aba24
-
SHA512
869f3b40e84907ae1628cf3902d6cb1f207587d3535817d11f0c0c26b740f76868910912e4b135563ab612998d9b64d4de3b6a7dd20225fd9f1264b4148227cf
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-