General
Target: 618b537fb47cee861a5afa3a59001429be7db905bb1b5c08206fb0b3c09652f3
Size: 1.2MB
Sample: 211020-g9tarsgfe7
MD5: fb8ea75172da1f8691f5ad3de0fd1b67
SHA1: b4913ea33c3fd38ecd3cc65e6b6d5354c7583122
SHA256: 618b537fb47cee861a5afa3a59001429be7db905bb1b5c08206fb0b3c09652f3
SHA512: 07a803c6836fe66748895d5d2a45b7ac75f1584dd06504ad8a399ba2d9439df474553de4f5408ad728cec4132dab6e0a690b096bf3fce3ed6ad2c6cd2ad89504
Static task
static1
Malware Config
Extracted
danabot
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
embedded_hash: F4711E27D559B4AEB1A081A1EB0AC465
type: loader
Extracted
danabot
2052
4
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
embedded_hash: F4711E27D559B4AEB1A081A1EB0AC465
type: main
Targets
- Danabot Loader Component
- Blocklisted process makes network request
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.