General
-
Target
943b992da5eff312e494f02e270feccf
-
Size
1.3MB
-
Sample
210610-rhj3tzcm3e
-
MD5
943b992da5eff312e494f02e270feccf
-
SHA1
5078fdbac8b7af3e3b44eb6fb45be6eb447d870a
-
SHA256
46c3c96de71f691a7247112fe80d61599ab91e8ead7db41cfab9af64357d10cc
-
SHA512
b7dcfc920f9bca227b01a30679936052bfa082625e7ba82883addd896d09411b67a0477e99dc2e8b0838137d8fa9584ae1d6aa183cc8ebfbdbe7ec2f471475e4
Static task
static1
Behavioral task
behavioral1
Sample
943b992da5eff312e494f02e270feccf.exe
Resource
win7v20210410
Malware Config
Extracted
danabot
1827
3
192.210.198.12:443
37.220.31.50:443
184.95.51.183:443
184.95.51.175:443
-
embedded_hash
410EB249B3A3D8613B29638D583F7193
Targets
-
-
Target
943b992da5eff312e494f02e270feccf
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-