General
-
Target
dba9d5c211d728da4b92e0064a445ecd.exe
-
Size
1.3MB
-
Sample
210608-jnav6951ga
-
MD5
dba9d5c211d728da4b92e0064a445ecd
-
SHA1
30ba2ff291af1ee572f9eb9299b41d83157c1b83
-
SHA256
d47844ec0804c45feddfb89791832c4040754a703e46454cf571a2d30ac83124
-
SHA512
c17d82d4a116b350bbb2129e3070dc2379bda1cda23edaa8c415271699f0c1eeeb21aedd005e4db650fb4912709642f64df3abd96d8d1787bb657061846fcb66
Static task
static1
Behavioral task
behavioral1
Sample
dba9d5c211d728da4b92e0064a445ecd.exe
Resource
win7v20210410
Malware Config
Extracted
danabot
1827
3
184.95.51.183:443
184.95.51.175:443
192.210.198.12:443
184.95.51.180:443
-
embedded_hash
AEF96B4D339B580ABB737F203C2D0F52
Targets
-
-
Target
dba9d5c211d728da4b92e0064a445ecd.exe
-
Size
1.3MB
-
MD5
dba9d5c211d728da4b92e0064a445ecd
-
SHA1
30ba2ff291af1ee572f9eb9299b41d83157c1b83
-
SHA256
d47844ec0804c45feddfb89791832c4040754a703e46454cf571a2d30ac83124
-
SHA512
c17d82d4a116b350bbb2129e3070dc2379bda1cda23edaa8c415271699f0c1eeeb21aedd005e4db650fb4912709642f64df3abd96d8d1787bb657061846fcb66
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-