General
- Target: 31e2c3b009290449dc1fe9760c14e85b.exe
- Size: 1.4MB
- Sample: 210724-bl6c6jhrj6
- MD5: 31e2c3b009290449dc1fe9760c14e85b
- SHA1: fa2442c7abef11a169088d43bd104ef6d21a12d7
- SHA256: 4f1af996a6a32b402d0b75a37f4412d3e2b6502ed95a4055e8a2313f83543cfa
- SHA512: 6ae10f9e51b928a49bafef4549b51dcbd9f83671604c76fc1449ad74d956e800b1d103b20ec7762634d1ad3bef82708d89830150d74eeb229cc6ade0798aa909
Static task: static1
Behavioral task: behavioral1
- Sample: 31e2c3b009290449dc1fe9760c14e85b.exe
- Resource: win7v20210408
Malware Config
Extracted: danabot
- 1987
- 4
- 142.11.244.124:443
- 142.11.206.50:443
- embedded_hash: 6AD9FE4F9E491E785665E0D144F61DAB
Targets
- Target: 31e2c3b009290449dc1fe9760c14e85b.exe
- Size: 1.4MB
- MD5: 31e2c3b009290449dc1fe9760c14e85b
- SHA1: fa2442c7abef11a169088d43bd104ef6d21a12d7
- SHA256: 4f1af996a6a32b402d0b75a37f4412d3e2b6502ed95a4055e8a2313f83543cfa
- SHA512: 6ae10f9e51b928a49bafef4549b51dcbd9f83671604c76fc1449ad74d956e800b1d103b20ec7762634d1ad3bef82708d89830150d74eeb229cc6ade0798aa909
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext