General
-
Target
dc31178c8e734d726d361bf5179f05b2.exe
-
Size
1.9MB
-
Sample
210615-tqzrterxwx
-
MD5
dc31178c8e734d726d361bf5179f05b2
-
SHA1
d28f5dd56498248e706a3aad546e0e200f19b3fa
-
SHA256
473574ab9286caa551c88e2a3ac32e8b7975baac765bf084fd8c6ccb89737666
-
SHA512
90b1e5a663b6bc8e2b52779259a6d04da5925ca57e02b4bd46165886f16a825336d927b30668df532bcb3d409b7f5247b2245aacac1e1ac691a4bb8a344eb8fb
Static task
static1
Behavioral task
behavioral1
Sample
dc31178c8e734d726d361bf5179f05b2.exe
Resource
win7v20210410
Malware Config
Extracted
danabot
1827
3
192.210.198.12:443
37.220.31.50:443
184.95.51.183:443
184.95.51.175:443
-
embedded_hash
410EB249B3A3D8613B29638D583F7193
Targets
-
-
Target
dc31178c8e734d726d361bf5179f05b2.exe
-
Size
1.9MB
-
MD5
dc31178c8e734d726d361bf5179f05b2
-
SHA1
d28f5dd56498248e706a3aad546e0e200f19b3fa
-
SHA256
473574ab9286caa551c88e2a3ac32e8b7975baac765bf084fd8c6ccb89737666
-
SHA512
90b1e5a663b6bc8e2b52779259a6d04da5925ca57e02b4bd46165886f16a825336d927b30668df532bcb3d409b7f5247b2245aacac1e1ac691a4bb8a344eb8fb
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-