General
-
Target
ab97379430925c314d088393a8b39e15
-
Size
1.1MB
-
Sample
210725-r2tmkt74a6
-
MD5
ab97379430925c314d088393a8b39e15
-
SHA1
f6f67f43bedd372da5cfcb18dae42e7139d25c04
-
SHA256
d3467bceb27c8533c1a904b34437aa2fd03963be8085f668a961b113feb75c5c
-
SHA512
63b82abdf1db7c0ef80dd2cce925f2aafb0ed7d55931b35ea8f244153b5e027c689623024f114d13bcb31d189e6a8ddcec289f7a2cac9f8c4b2e38cd67c2922d
Static task
static1
Behavioral task
behavioral1
Sample
ab97379430925c314d088393a8b39e15.exe
Resource
win7v20210410
Malware Config
Extracted
danabot
1987
4
142.11.244.124:443
142.11.206.50:443
-
embedded_hash
6AD9FE4F9E491E785665E0D144F61DAB
Targets
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-