General
Static task: static1
URLScan task: urlscan1
Sample
http://192.3.26.118/klok.exe
Malware Config
Extracted
Family: danabot
Version: 1827
Botnet: 3
C2:
23.106.123.141:443
192.210.198.12:443
37.220.31.94:443
23.254.225.170:443
Attributes
embedded_hash: AEF96B4D339B580ABB737F203C2D0F52
rsa_pubkey.plain
rsa_pubkey.plain
Targets
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.