General
Target: 6083352a__Avast-Free-Anti.zip
Size: 1.6MB
Sample: 210423-83jy5dg97n
MD5: 9c493be4e9e0ed2b6f1c3d0b834bf8f3
SHA1: 1431094e25be681190e88ec1f978966f9ad79c91
SHA256: f0bb317cdd6963c218b63c88388d6a487707ad0be26321ece91c5bddc6ff9c62
SHA512: 3dd7156be96a3e08eefe3779def66367c1f2e0b3131ad927d74db2525b44c9cd713c2dc76666da711b72826a0a742c11296a61b34842aa749828021953eb746e
Static task: static1
Behavioral task: behavioral1
Sample: setup_x86_x64_install.exe
Resource: win10v20210410
Behavioral task: behavioral2
Sample: setup_x86_x64_install.exe
Resource: win10v20210410
Malware Config
Extracted
danabot
1827
3
23.106.123.185:443
192.210.198.12:443
23.254.225.170:443
23.106.123.141:443
embedded_hash: AEF96B4D339B580ABB737F203C2D0F52
Targets
Target: setup_x86_x64_install.exe
Size: 1.8MB
MD5: 2c121f456cbbde3437f0944ed2436991
SHA1: 6ad7e5cd87e0456e0076a41c21feb1147c7dd6eb
SHA256: 04e341fb5750ca5588ad1340c2a2348a1a128a4a368ab13ad9628f2f49a20298
SHA512: 10163af59e96e81fa89c9b9b0b63a4eb157a2f921b18d1d9dbcd989f2dea71e8f72fb88710f2e419059a0c1e2c536b326f1f74f61727ed86e8f980c087eaeeb2
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.