General
- Target: db3cffa16f2e8436dc53c4418072f1b0c80f94966b9c01e204808dc1857aa8bb
- Size: 1.1MB
- Sample: 211021-1dex2sbgar
- MD5: 24ca51b618666a5a044fcd3692f12c29
- SHA1: 8071b7e9e41602ce1e9b8b2d674a2f85c3fd007d
- SHA256: db3cffa16f2e8436dc53c4418072f1b0c80f94966b9c01e204808dc1857aa8bb
- SHA512: 67044870ef92e5eeaa40e1a1ec9ff9e4f23b123383bf7a26692c29a2c079b843b6091fff4f4672c585dbb4175675aea1b42dc3df5f36fa1bea064949fea06523
Static task: static1
Malware Config
Extracted: danabot
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
- embedded_hash: F4711E27D559B4AEB1A081A1EB0AC465
- type: loader
Extracted: danabot
2052
4
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
- embedded_hash: F4711E27D559B4AEB1A081A1EB0AC465
- type: main
Targets
- Target: db3cffa16f2e8436dc53c4418072f1b0c80f94966b9c01e204808dc1857aa8bb
- Danabot Loader Component
- Suspicious use of NtCreateProcessExOtherParentProcess
- Blocklisted process makes network request
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext