General
-
Target
SecuriteInfo.com.Dropped.Trojan.GenericKD.46121735.25361.5645
-
Size
1.2MB
-
Sample
210418-8982nwsk5j
-
MD5
9f4f0db4cc105c01d0d018bfae0ce36d
-
SHA1
01fae7a54ed997d786eeabab6f852f86ff3bc358
-
SHA256
7723ef735f4c131fad282ca59943079710a91d13011a025ad12ce9828d10f187
-
SHA512
6e6f11ed540a4d3c93f654f4e4ae5faa00b6989bbed5efb210485baf48b4f863c135ef869d4722fe4755e19774f89c64bd1b4998e114729f259a83196a4ef977
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Dropped.Trojan.GenericKD.46121735.25361.5645.exe
Resource
win7v20210410
Malware Config
Extracted
danabot
1827
3
23.106.123.185:443
192.210.198.12:443
23.254.225.170:443
23.106.123.141:443
-
embedded_hash
AEF96B4D339B580ABB737F203C2D0F52
Targets
-
-
Target
SecuriteInfo.com.Dropped.Trojan.GenericKD.46121735.25361.5645
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-