General
Target: 29393136e15f865547a490bc40afe42e35f761602bebb920883330206435919b
Size: 1.2MB
Sample: 211019-pchf1afge7
MD5: 763dcd16d2e57a9f1d8994d48d51fed4
SHA1: 99b9f91a5b094e682f5c0ceb2086503ab439d9ac
SHA256: 29393136e15f865547a490bc40afe42e35f761602bebb920883330206435919b
SHA512: 6c26a168f8a8be912eacd095097d0f68c609b1eb227cd5f9acfb4b6e26841c6ee325431a1a706bd8366d6c498ab8af22f547b4cbf09e2c9ed062177c1055aeb6
Static task: static1

Malware Config
Extracted: danabot
  192.119.110.73:443
  192.236.147.159:443
  192.210.222.88:443
  embedded_hash: F4711E27D559B4AEB1A081A1EB0AC465
  type: loader
Extracted: danabot
  2052
  4
  192.119.110.73:443
  192.236.147.159:443
  192.210.222.88:443
  embedded_hash: F4711E27D559B4AEB1A081A1EB0AC465
  type: main
Targets
Target: 29393136e15f865547a490bc40afe42e35f761602bebb920883330206435919b
Size: 1.2MB
MD5: 763dcd16d2e57a9f1d8994d48d51fed4
SHA1: 99b9f91a5b094e682f5c0ceb2086503ab439d9ac
SHA256: 29393136e15f865547a490bc40afe42e35f761602bebb920883330206435919b
SHA512: 6c26a168f8a8be912eacd095097d0f68c609b1eb227cd5f9acfb4b6e26841c6ee325431a1a706bd8366d6c498ab8af22f547b4cbf09e2c9ed062177c1055aeb6
- Danabot Loader Component
- Blocklisted process makes network request
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext