General
Target: klok.exe
Size: 6.0MB
Sample: 210418-l698b68z8a
MD5: f8206a65ddbdaf77b5f8be6599081cff
SHA1: c9929afc9c726e69a3aaaebb1810a93877d99e69
SHA256: baef74c9dbf470ffbe0261de0843db69a6037c167cf003f5703b905d3ad6c3a3
SHA512: ffedbbe897519d928586c1b09e9c7d4930ad6d98de36093d27f903c5b0572ddb10c065c3a05e13829cfe93932bb77f62812c3f99553c0a84f7a8a863f575deb6
Static task: static1
Behavioral task: behavioral1
Sample: klok.exe
Resource: win7v20210410
Malware Config
Extracted
danabot
1827
3
23.106.123.185:443
192.210.198.12:443
23.254.225.170:443
23.106.123.141:443
embedded_hash: AEF96B4D339B580ABB737F203C2D0F52
Targets
- Blocklisted process makes network request
- Deletes itself
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)