General
-
Target
SecuriteInfo.com.Troj.Androm-TY.30287.16181
-
Size
5.9MB
-
Sample
210422-4bm7rxfxs6
-
MD5
9077ee02ee92c4a1f4e874f1f086e220
-
SHA1
651fd5e02b12155f79313db85e3669a82a528edb
-
SHA256
488d2bdd81feedeb4b82a8e1acf319c4ad8b6d3170dd877d768430c19513d52c
-
SHA512
c4aabefd8939e004d1c0616b49e5ef7c192e234bce928a86705549c387f5d371b8048c7d7cf6fe8c985e7cc1e963616875bdda3bffec8a6fcd7cb4c3fb5af388
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Troj.Androm-TY.30287.16181.exe
Resource
win7v20210408
Malware Config
Extracted
danabot
1827
3
23.106.123.141:443
23.254.225.170:443
23.106.123.185:443
37.220.31.94:443
-
embedded_hash
AEF96B4D339B580ABB737F203C2D0F52
Targets
-
-
Target
SecuriteInfo.com.Troj.Androm-TY.30287.16181
-
Size
5.9MB
-
MD5
9077ee02ee92c4a1f4e874f1f086e220
-
SHA1
651fd5e02b12155f79313db85e3669a82a528edb
-
SHA256
488d2bdd81feedeb4b82a8e1acf319c4ad8b6d3170dd877d768430c19513d52c
-
SHA512
c4aabefd8939e004d1c0616b49e5ef7c192e234bce928a86705549c387f5d371b8048c7d7cf6fe8c985e7cc1e963616875bdda3bffec8a6fcd7cb4c3fb5af388
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-