General
Target: c65eb22434cbf550e158d45cf9a64470
Size: 1.0MB
Sample: 210719-2aaf4hhtvj
MD5: c65eb22434cbf550e158d45cf9a64470
SHA1: 65bc53c6b4866cdc82a55a24c107359ed424cc55
SHA256: c76a9b5f3a1d4456cf2fe90c115f808e4a53f04a5520eabd945af7d41c44b986
SHA512: 395b7404dde5a9b7ca42c5cda84ad92184ea23f471747f8b86ed91b7b832b2797d473e58156504ede1ae1327795c3f5967edbf505d14545639a89003afb36bf7
Static task: static1
Behavioral task: behavioral1
Sample: c65eb22434cbf550e158d45cf9a64470.exe
Resource: win7v20210410
Malware Config
Extracted
danabot
1987
4
142.11.244.124:443
142.11.206.50:443
embedded_hash: 6AD9FE4F9E491E785665E0D144F61DAB
Targets
Target: c65eb22434cbf550e158d45cf9a64470
- Blocklisted process makes network request
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext