General
-
Target
c34c3173ec9350b98c8eb041881b7e58.exe
-
Size
1.2MB
-
Sample
210720-bt7laszrss
-
MD5
c34c3173ec9350b98c8eb041881b7e58
-
SHA1
eeea61972fba068e1bd010354555cda9c4802c79
-
SHA256
c06b079814ab52484292497631819acdb667cadd9c2a58cae97f5dc19d79e1c5
-
SHA512
67629e18128c73810e75ef92b21f788a9506024d960f73d823f6ee4173c8240969b2b10b1a6d60db027401ab442753845853a24929d31142ad399edbfc9f78cc
Static task
static1
Behavioral task
behavioral1
Sample
c34c3173ec9350b98c8eb041881b7e58.exe
Resource
win7v20210408
Malware Config
Extracted
danabot
1987
4
142.11.244.124:443
142.11.206.50:443
-
embedded_hash
6AD9FE4F9E491E785665E0D144F61DAB
Targets
-
-
Target
c34c3173ec9350b98c8eb041881b7e58.exe
-
Size
1.2MB
-
MD5
c34c3173ec9350b98c8eb041881b7e58
-
SHA1
eeea61972fba068e1bd010354555cda9c4802c79
-
SHA256
c06b079814ab52484292497631819acdb667cadd9c2a58cae97f5dc19d79e1c5
-
SHA512
67629e18128c73810e75ef92b21f788a9506024d960f73d823f6ee4173c8240969b2b10b1a6d60db027401ab442753845853a24929d31142ad399edbfc9f78cc
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-