General
-
Target
a6a8f833fdd0b5f4ee7b46714a3d20c7.exe
-
Size
482KB
-
Sample
210723-c7rt6jr9fn
-
MD5
a6a8f833fdd0b5f4ee7b46714a3d20c7
-
SHA1
bb056be49140db02baa6b03618d0fa4fdc14ea0f
-
SHA256
c97d5d2645cc3028888156c99ddec9d67c3eb8812295d6f2fdd3f6e1a182f9a3
-
SHA512
d237d4e6d17c31a19a633c88c11b47e63fcb9fee386ab1772103e068cf59c56ac2676184e17e612b1dc345b69643d65fa89ddcb7ea87dab8d593eb6867cc10aa
Static task
static1
Behavioral task
behavioral1
Sample
a6a8f833fdd0b5f4ee7b46714a3d20c7.exe
Resource
win7v20210408
Malware Config
Extracted
danabot
1987
4
142.11.244.124:443
142.11.206.50:443
-
embedded_hash
6AD9FE4F9E491E785665E0D144F61DAB
Targets
-
-
Target
a6a8f833fdd0b5f4ee7b46714a3d20c7.exe
-
Size
482KB
-
MD5
a6a8f833fdd0b5f4ee7b46714a3d20c7
-
SHA1
bb056be49140db02baa6b03618d0fa4fdc14ea0f
-
SHA256
c97d5d2645cc3028888156c99ddec9d67c3eb8812295d6f2fdd3f6e1a182f9a3
-
SHA512
d237d4e6d17c31a19a633c88c11b47e63fcb9fee386ab1772103e068cf59c56ac2676184e17e612b1dc345b69643d65fa89ddcb7ea87dab8d593eb6867cc10aa
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-