General
Target: a9eb1cd336e4a7edec114ade335a3c0903b4b52253f0bcb02c7b08edb0120151
Size: 1.2MB
Sample: 211019-2s5yfshdam
MD5: 8b56a82dc8855741c7389261da25f65c
SHA1: 8d0f50cd24f4964f232e39370655294e0489e873
SHA256: a9eb1cd336e4a7edec114ade335a3c0903b4b52253f0bcb02c7b08edb0120151
SHA512: 40cab2bdceac8dcc1eb9486e3becc94ebfd1ca3a55f6fdd993b277bcd647c017236b6b04790edcc275c9385b91b3bec121a7ebca5370c07cf1e60b8bd50ea6eb
Static task: static1
Malware Config

Extracted: danabot
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
embedded_hash: F4711E27D559B4AEB1A081A1EB0AC465
type: loader

Extracted: danabot
2052
4
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
embedded_hash: F4711E27D559B4AEB1A081A1EB0AC465
type: main
Targets

Target: a9eb1cd336e4a7edec114ade335a3c0903b4b52253f0bcb02c7b08edb0120151
Size: 1.2MB
MD5: 8b56a82dc8855741c7389261da25f65c
SHA1: 8d0f50cd24f4964f232e39370655294e0489e873
SHA256: a9eb1cd336e4a7edec114ade335a3c0903b4b52253f0bcb02c7b08edb0120151
SHA512: 40cab2bdceac8dcc1eb9486e3becc94ebfd1ca3a55f6fdd993b277bcd647c017236b6b04790edcc275c9385b91b3bec121a7ebca5370c07cf1e60b8bd50ea6eb

Signatures
- Danabot Loader Component
- Blocklisted process makes network request
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext