General
Target: 1df80dc87cbf0939f1d693c02c538c78
Size: 1.2MB
Sample: 210725-knflhnzhj2
MD5: 1df80dc87cbf0939f1d693c02c538c78
SHA1: 1bb689f77d4548f07cd39b41d91996bf60185eac
SHA256: 2f13aeda87ac36d7d1ed671093fb1c713eebba7c3536ccf44486aad6ae679450
SHA512: dbba7852f6d11efdc1ac05dfd9ef2b21d9c4bc8d40f6a87db2dc31c790401d33957b4579a7f1a92b5222d9d2c79e6dc6ea101cfcabc4cf53b81aebf220440efe
Static task: static1
Behavioral task: behavioral1
Sample: 1df80dc87cbf0939f1d693c02c538c78.exe
Resource: win7v20210408
Malware Config
Extracted
danabot
1987
4
142.11.244.124:443
142.11.206.50:443
embedded_hash: 6AD9FE4F9E491E785665E0D144F61DAB
Targets
Target: 1df80dc87cbf0939f1d693c02c538c78
- Blocklisted process makes network request
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext