General
-
Target
87fbc2ec82b1e83383d1c35845e5700fc3c08d434150407bcd50f33dc72129ec
-
Size
1.1MB
-
Sample
211021-ky91xsaaf3
-
MD5
7aadc6888607f7daf7cbf0c6d8de10ae
-
SHA1
51d47fc8644b8fd6e2cc7f3d6f5b418c487c8399
-
SHA256
87fbc2ec82b1e83383d1c35845e5700fc3c08d434150407bcd50f33dc72129ec
-
SHA512
d867646f541e8cb03e7ed26f9ca158d41c0dd88e9d29a3461d90a535181d81c699caf77b183c70772c078064b0dda6a8de8bab164a49718ac13b4e2b3289f5e2
Static task
static1
Malware Config
Extracted
danabot
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
loader
Extracted
danabot
2052
4
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
main
Targets
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-