General
Target: 434c4d6383148ec2d1e98e455ff2629b
Size: 1.1MB
Sample: 210722-69a8wbncy6
MD5: 434c4d6383148ec2d1e98e455ff2629b
SHA1: 4fe3f1549a9ef0d6c1ff611a1a4f88cf17c8d8cb
SHA256: 6fa6caea53a25606c7e2991d370927d98bf3df093e77a0cea8816c30194afda0
SHA512: 3e83e7d70f3634418a8c1a950b43587104f6ba0213a2f49e95ab72f7e740030d3d1568b66a5938c47250daed961ea31c3a65094bc95db7d6de1c13ae36fe33ed
Static task: static1
Behavioral task: behavioral1
Sample: 434c4d6383148ec2d1e98e455ff2629b.exe
Resource: win7v20210410
Malware Config
Extracted: danabot
1987
4
142.11.244.124:443
142.11.206.50:443
embedded_hash: 6AD9FE4F9E491E785665E0D144F61DAB
Targets
Target: 434c4d6383148ec2d1e98e455ff2629b
Size: 1.1MB
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext