General
-
Target
eufive_20210725-084051
-
Size
1010KB
-
Sample
210725-vdlm7pqxza
-
MD5
1c52aed4df30df05a45966183eeef3c2
-
SHA1
11f350112bdd668b11b2fb3849ef2b0c7c020bb4
-
SHA256
152265b11b39688bfa5dd656dddacf87c01515f70f62aeb3b1406138a77986d5
-
SHA512
7c30a710cdf9e7f7043b1e4a8a9c1af9e2c70570dd428691451f908b0f81f2f4c3c71f691a2174ba339b1b713baa3ace3f65820402a91225387923f848665ab6
Static task
static1
Behavioral task
behavioral1
Sample
eufive_20210725-084051.exe
Resource
win7v20210410
Malware Config
Extracted
danabot
1987
15
192.52.166.169:443
173.254.204.95:443
192.52.167.45:443
-
embedded_hash
D6A9A294BFDC6F13BFCC2AB0FA9B54B9
Targets
-
-
Target
eufive_20210725-084051
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-