General
-
Target
2bfc43520b982fee79d73b9e052b85d2.exe
-
Size
1.4MB
-
Sample
210610-6zh2r5mkjs
-
MD5
2bfc43520b982fee79d73b9e052b85d2
-
SHA1
c3c2b4de70970c5fe1e7772ef500e577ea5a0fd5
-
SHA256
7de7947e52663865b295e5f4377da5ff018beac438c17ff9ecd8e67eb0202bb0
-
SHA512
9ed33f176bfd8366252189c8cdf47b94f53bcaa407b4dfae26ab273263ad1d3537b433a0e025df519da0693ea5a0137d6a1b30fef1455096350229b7774f2ced
Static task
static1
Behavioral task
behavioral1
Sample
2bfc43520b982fee79d73b9e052b85d2.exe
Resource
win7v20210410
Malware Config
Extracted
danabot
1827
3
192.210.198.12:443
37.220.31.50:443
184.95.51.183:443
184.95.51.175:443
-
embedded_hash
410EB249B3A3D8613B29638D583F7193
Targets
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-