General
-
Target
2754480dc85bc4b2beb1eb6637945d1c8643cf43df940fa614e94635b1227847
-
Size
1.2MB
-
Sample
211020-b9h7xahdhj
-
MD5
ffd87f2abdb8eb540ce899b1a25cc6ed
-
SHA1
81b3087989a3dadd745bcc53762d22334c05c20d
-
SHA256
2754480dc85bc4b2beb1eb6637945d1c8643cf43df940fa614e94635b1227847
-
SHA512
b497f9bff9d6515dca2423416a624b2ef75600ce06e53e39be79a146221f6933d49f3ebbab8454f6428464b24f6177182569ef5b13de0465a066c1aad73254d4
Static task
static1
Malware Config
Extracted
danabot
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
loader
Extracted
danabot
2052
4
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
main
Targets
-
Danabot Loader Component
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-