General
- Target: 3340df6c3ac9dfa8e61b54116a0157e286357f9ba9f0a6ccab81758f8e5816d3
- Size: 1.2MB
- Sample: 211019-k1tfysfea7
- MD5: 89672e92a15bd7da3eb93db1a07f28fc
- SHA1: 95a17e156d3a1b8272bc80fae292977bab968c71
- SHA256: 3340df6c3ac9dfa8e61b54116a0157e286357f9ba9f0a6ccab81758f8e5816d3
- SHA512: 8f6a754dc8be5e79fd33ffd65d7c43528c93220af7fcf641bbd3e3f68b7c19cf68f5b225d4456afd93b9beb85e71f56b46c93bbe4ac93ac24c261b1041092b98
Static task: static1

Malware Config

Extracted: danabot
- 192.119.110.73:443
- 192.236.147.159:443
- 192.210.222.88:443
- embedded_hash: F4711E27D559B4AEB1A081A1EB0AC465
- type: loader

Extracted: danabot
- 2052
- 4
- 192.119.110.73:443
- 192.236.147.159:443
- 192.210.222.88:443
- embedded_hash: F4711E27D559B4AEB1A081A1EB0AC465
- type: main
Targets
- Target: 3340df6c3ac9dfa8e61b54116a0157e286357f9ba9f0a6ccab81758f8e5816d3
- Size: 1.2MB
- Danabot Loader Component
- Blocklisted process makes network request
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext