General
Target: e6b7419ef5704c67f35d42beeeba83ba
Size: 1.1MB
Sample: 210724-yn5a8p38ls
MD5: e6b7419ef5704c67f35d42beeeba83ba
SHA1: feedc1394fa98c479c41fc1211c530f3201fde06
SHA256: 7a79e2248392fa193b734c9442588144434853006dd6b54545ab3e4ef7971cba
SHA512: 0807f5e4691cddb6a44c4f231a084857919a223c98fee3f7441f9be35e9eab6597077114eff067508c9b615aed006a155ac6a124d44fc436a52ec770d040a0b1
Static task: static1
Behavioral task: behavioral1
Sample: e6b7419ef5704c67f35d42beeeba83ba.exe
Resource: win7v20210410
Malware Config
Extracted
danabot
1987
4
142.11.244.124:443
142.11.206.50:443
embedded_hash: 6AD9FE4F9E491E785665E0D144F61DAB
Targets
Blocklisted process makes network request
Loads dropped DLL
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext