General

Target: SecuriteInfo.com.Trojan.GenericKD.46108979.11616.31973
Size: 1.1MB
Sample: 210416-84bk9h1kka
MD5: 20a6f20deda04de07d56e4ccaf6d27a5
SHA1: 7972c9024320a33abfc1db33e04af1600006e7ad
SHA256: 76ddf24374fc1975cbdeb30718badfa60d15ba78f4123e56c46c5f370622ef77
SHA512: 346e4b07634dc8e7427e9805788e35d42b735bb0ec2b2749419d3e77fb5a6e19ac617110559e49e269011fafd4ec26d96f69f870de5d9c8d367c63827d5f25b4
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Trojan.GenericKD.46108979.11616.31973.exe
Resource: win7v20210410
Malware Config

Extracted family: danabot
Version: 1827
Botnet/campaign ID: 3 (the report lists this and the version as bare values; the labels follow the usual DanaBot config fields)
C2 endpoints (IP:port):
37.220.31.94:443
192.210.198.12:443
23.106.123.185:443
192.236.147.83:443
embedded_hash: AEF96B4D339B580ABB737F203C2D0F52
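The extracted config above is directly usable as indicators. The following is an added example (not part of the sandbox report) that checks a file against the reported digests and scans a connection log for flows to the extracted C2 endpoints. The hashes and C2 addresses are copied from the report; the log format and the log lines are constructed for illustration, and the confidence scoring (exact IP:port match versus IP only) is the author's own choice, not something the report states.

```python
"""Added example (not part of the sandbox report): match hosts and network
logs against the indicators extracted above.  Hashes and C2 endpoints are
copied from the report; the log lines below are constructed."""
import hashlib
import re

# C2 endpoints from the extracted DanaBot config, as (IP, port).
C2_ENDPOINTS = {
    ("37.220.31.94", 443),
    ("192.210.198.12", 443),
    ("23.106.123.185", 443),
    ("192.236.147.83", 443),
}
C2_IPS = {ip for ip, _ in C2_ENDPOINTS}

# Digests of the analysed sample, copied from the report.
SAMPLE_HASHES = {
    "md5": "20a6f20deda04de07d56e4ccaf6d27a5",
    "sha1": "7972c9024320a33abfc1db33e04af1600006e7ad",
    "sha256": "76ddf24374fc1975cbdeb30718badfa60d15ba78f4123e56c46c5f370622ef77",
}


def digests(data: bytes) -> dict:
    """Compute the same three digests the report lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_reported_sample(data: bytes) -> bool:
    """True only when all three digests match; a single mismatch means a
    different file (or a transcription error in one of the indicators)."""
    return digests(data) == SAMPLE_HASHES


# Constructed connection-log format: ts src_ip src_port dst_ip dst_port proto
CONN_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<sport>\d+)\s+(?P<dst>\S+)\s+(?P<dport>\d+)\s+(?P<proto>\w+)"
)


def find_c2_connections(lines):
    """Return (ts, src, dst, dport, confidence) for every flow to a C2 IP.
    An exact IP:port match from the config is 'high'; the same IP on another
    port is 'medium', since operators change ports more often than addresses."""
    hits = []
    for line in lines:
        m = CONN_RE.match(line)
        if not m or m["dst"] not in C2_IPS:
            continue
        dport = int(m["dport"])
        conf = "high" if (m["dst"], dport) in C2_ENDPOINTS else "medium"
        hits.append((m["ts"], m["src"], m["dst"], dport, conf))
    return hits


# Constructed sample log: two config-exact C2 flows, one unrelated flow,
# and one C2 address contacted on a port that is not in the config.
CONN_LOG = """\
1618542001.120 10.0.0.15 49812 37.220.31.94 443 tcp
1618542002.400 10.0.0.15 49813 93.184.216.34 443 tcp
1618542005.900 10.0.0.22 51000 192.236.147.83 443 tcp
1618542007.001 10.0.0.22 51001 23.106.123.185 8443 tcp
"""

if __name__ == "__main__":
    for hit in find_c2_connections(CONN_LOG.splitlines()):
        print(hit)
```

Matching on the IP alone, with the port only adjusting confidence, is deliberate: the four addresses are the durable part of this config, and a flow to one of them on a different port is still worth a look rather than being silently dropped.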
Targets

Target: SecuriteInfo.com.Trojan.GenericKD.46108979.11616.31973 (1.1MB; the same file and hashes as listed under General)

Signatures
Suspicious use of NtCreateProcessExOtherParentProcess
A process was created with a parent other than the calling process (parent PID spoofing), which breaks the parent/child chain that process-tree analysis relies on.
Blocklisted process makes network request
Executes dropped EXE
A file written during the run was subsequently launched as a process.
Drops startup file
A file was written to a Startup folder, giving the sample persistence across logon.
Loads dropped DLL
A DLL written during the run was subsequently loaded.
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops desktop.ini file(s)
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP; the report does not name the service.
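To show how the behavioral signatures above fire from a process trace, here is an added example (not the sandbox's own rules) that walks a constructed event stream and reports which of them trigger. The event schema (file_write, process_create with both the calling and the recorded parent PID, image_load, registry_query, network) and every event in the trace are constructed for illustration; the list of IP-lookup hosts is an assumption, since the report does not say which service this sample used. The two signatures that depend on sandbox-specific lists (Blocklisted process makes network request; Legitimate hosting services abused) are not reproduced.

```python
"""Added example (not the sandbox's own signature code): behavioral checks
over a constructed process trace, mirroring the signatures in the report."""

STARTUP_DIR = "\\start menu\\programs\\startup\\"
UNINSTALL_KEY = "\\microsoft\\windows\\currentversion\\uninstall"
# Assumed set of public IP-lookup services; the report does not name the one used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "checkip.amazonaws.com", "ifconfig.me"}


def evaluate(events):
    """Walk the trace once and return {signature name: [evidence, ...]}."""
    hits = {}
    dropped = set()  # lowercased paths written earlier in this trace

    def fire(name, evidence):
        hits.setdefault(name, []).append(evidence)

    for ev in events:
        kind = ev["type"]
        path = ev.get("path", "").lower()
        if kind == "file_write":
            dropped.add(path)
            if STARTUP_DIR in path:
                fire("Drops startup file", path)
            if path.rsplit("\\", 1)[-1] == "desktop.ini":
                fire("Drops desktop.ini file(s)", path)
        elif kind == "process_create":
            if path in dropped and path.endswith(".exe"):
                fire("Executes dropped EXE", path)
            # creator_pid is the process that issued the create call (what a
            # hook or ETW sees); parent_pid is the parent the new process reports.
            if ev["creator_pid"] != ev["parent_pid"]:
                fire("Suspicious use of NtCreateProcessExOtherParentProcess",
                     (ev["pid"], ev["creator_pid"], ev["parent_pid"]))
        elif kind == "image_load":
            if path in dropped and path.endswith(".dll"):
                fire("Loads dropped DLL", path)
        elif kind == "registry_query":
            if UNINSTALL_KEY in ev["key"].lower():
                fire("Checks installed software on the system", ev["key"])
        elif kind == "network":
            if ev["host"].lower() in IP_LOOKUP_HOSTS:
                fire("Looks up external IP address via web service", ev["host"])
    return hits


# Constructed trace: loader drops and runs a second stage, persists via the
# Startup folder, enumerates installed software, spawns a process under a
# spoofed parent, and that process asks a web service for the external IP.
TRACE = [
    {"type": "file_write", "pid": 1000, "path": r"C:\Users\victim\AppData\Roaming\abc\loader.exe"},
    {"type": "file_write", "pid": 1000, "path": r"C:\Users\victim\AppData\Roaming\abc\desktop.ini"},
    {"type": "file_write", "pid": 1000,
     "path": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.lnk"},
    {"type": "process_create", "pid": 1100, "creator_pid": 1000, "parent_pid": 1000,
     "path": r"C:\Users\victim\AppData\Roaming\abc\loader.exe"},
    {"type": "file_write", "pid": 1100, "path": r"C:\Users\victim\AppData\Roaming\abc\core.dll"},
    {"type": "image_load", "pid": 1100, "path": r"C:\Users\victim\AppData\Roaming\abc\core.dll"},
    {"type": "registry_query", "pid": 1100,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"type": "process_create", "pid": 1200, "creator_pid": 1100, "parent_pid": 2200,
     "path": r"C:\Windows\System32\rundll32.exe"},
    {"type": "network", "pid": 1200, "host": "api.ipify.org", "port": 80},
]

if __name__ == "__main__":
    for name, evidence in evaluate(TRACE).items():
        print(f"{name}: {evidence}")
```

Two caveats a practitioner would apply before treating any single hit as conclusive: a desktop.ini write on its own is common benign shell behaviour and is only interesting alongside the other hits, and the parent-spoofing check needs a source that records the actual caller (a hook or ETW process-start events), because a plain process listing only shows the spoofed parent.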