General
- Target: de1a4d7099917b0d32f3193d4ad9171c38c49e0c6295fb0e5761fdfe5ca74580
- Size: 1.2MB
- Sample: 211020-xnrg2shed4
- MD5: 903dc4c649108c3893e7599e10966449
- SHA1: b9b93febf9a10ead9d919cd5b04911e8aeaf2594
- SHA256: de1a4d7099917b0d32f3193d4ad9171c38c49e0c6295fb0e5761fdfe5ca74580
- SHA512: 02e3891b6741b2ff3f3b1bc918de40c24a554ed9334dd9e8608f6edfbef1a73afc4d0896ed2a5a945d2724343aefdb3988fe39d64414395cf090466330ad358a
Static task: static1
Malware Config
Extracted: danabot
- 192.119.110.73:443
- 192.236.147.159:443
- 192.210.222.88:443
- embedded_hash: F4711E27D559B4AEB1A081A1EB0AC465
- type: loader
Extracted: danabot
- 2052
- 4
- 192.119.110.73:443
- 192.236.147.159:443
- 192.210.222.88:443
- embedded_hash: F4711E27D559B4AEB1A081A1EB0AC465
- type: main
Targets
- Target: de1a4d7099917b0d32f3193d4ad9171c38c49e0c6295fb0e5761fdfe5ca74580
Signatures:
- Danabot Loader Component
- Suspicious use of NtCreateProcessExOtherParentProcess
- Blocklisted process makes network request
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext