General
-
Target
475846a1e5b5ffe6d30c24d977bd0812a5b253f58d1983522b195985a46877aa
-
Size
1.2MB
-
Sample
211020-s4fchaabdl
-
MD5
768d27a0c0530c21056ae1c9df32a945
-
SHA1
9f1acaf79f4a99c311ee68699a65237dc04f6be3
-
SHA256
475846a1e5b5ffe6d30c24d977bd0812a5b253f58d1983522b195985a46877aa
-
SHA512
5acbad2f4c1530faf1ae0dc6c93515ef8c2099f61d694d0b7e31d5c81986755d8582b6b0c72bfe873ef06eb658252226f0696ce16f923bf31c93626399af294a
Static task
static1
Malware Config
Extracted
danabot
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
loader
Extracted
danabot
2052
4
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
main
Targets
-
Danabot Loader Component
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-