General
- Target: ff0efd8b2560085a03405d237425e94b.exe
- Size: 1.7MB
- Sample: 210610-lyayp26cex
- MD5: ff0efd8b2560085a03405d237425e94b
- SHA1: 7770903f1efb33d01c319bd1cfa8f179d5edb5b9
- SHA256: 70b76fcb6175f3a6b2ea31d55732900a43a28c6510ff442d14bcfc10bd1ea28b
- SHA512: 59e1271f92c9ad2f9c5b4590b1142e5bff9ac9779d04b1339e562fa090e566c197bcf1795069269faa0105687adea3e380f6fd2f077a5ce6873bc8e392f3ceb6
Static task: static1
Behavioral task: behavioral1
- Sample: ff0efd8b2560085a03405d237425e94b.exe
- Resource: win7v20210408
Malware Config (extracted)
- Family: danabot
- 1827
- 3
- C2: 192.210.198.12:443, 37.220.31.50:443, 184.95.51.183:443, 184.95.51.175:443
- embedded_hash: 410EB249B3A3D8613B29638D583F7193
Targets
- Target: ff0efd8b2560085a03405d237425e94b.exe
- Size: 1.7MB
- MD5: ff0efd8b2560085a03405d237425e94b
- SHA1: 7770903f1efb33d01c319bd1cfa8f179d5edb5b9
- SHA256: 70b76fcb6175f3a6b2ea31d55732900a43a28c6510ff442d14bcfc10bd1ea28b
- SHA512: 59e1271f92c9ad2f9c5b4590b1142e5bff9ac9779d04b1339e562fa090e566c197bcf1795069269faa0105687adea3e380f6fd2f077a5ce6873bc8e392f3ceb6
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.