General
Target: 37ef42e0b21d765a7a2fa3e29a934d4b.exe
Size: 1.1MB
Sample: 210726-kz19l8kj22
MD5: 37ef42e0b21d765a7a2fa3e29a934d4b
SHA1: c10d179ded62764b0428e57e3a053097d7d57f2d
SHA256: 2873f7c2119b8d916aa916e1c9138835b0ab18937e24f1e94f9f5949a1b64177
SHA512: e006ddc0adaf282688fb3b47c3f58399205702ecb08bd25784e1945cf887e9860807a27bda2724b823a0869c7dad4714ede3a71f1dd44f164b3288f98014490c
Static task: static1
Behavioral task: behavioral1
Sample: 37ef42e0b21d765a7a2fa3e29a934d4b.exe
Resource: win7v20210410
Malware Config
Extracted
danabot
1987
4
142.11.244.124:443
142.11.206.50:443
-
embedded_hash
6AD9FE4F9E491E785665E0D144F61DAB
Targets
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.