General
-
Target
784949d5ab49e5e8783897c2e8cd1815.exe
-
Size
1.1MB
-
Sample
210723-sv1pvvt1kj
-
MD5
784949d5ab49e5e8783897c2e8cd1815
-
SHA1
056732ccf73a6e3ef5f22e3a058278a57d9c3f51
-
SHA256
1862c6b58deef050db0cb8f2fe013c3e49002469d234b5c9857f2d6c5114e32d
-
SHA512
cc81d4a237e5962f770d703451520074bf65a4d614686375cf4aad4f9216cef964b17e17d1fcc0dcb30189dce8852750f892cd3ef2c4407da429945e0a3156dd
Static task
static1
Behavioral task
behavioral1
Sample
784949d5ab49e5e8783897c2e8cd1815.exe
Resource
win7v20210410
Malware Config
Extracted
danabot
1987
4
142.11.244.124:443
142.11.206.50:443
-
embedded_hash
6AD9FE4F9E491E785665E0D144F61DAB
Targets
Target
784949d5ab49e5e8783897c2e8cd1815.exe
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext