General
-
Target
12476bf4cc2940ef264ac615ac125bf89a1f76348a42a7410e6800380e36da84
-
Size
1.1MB
-
Sample
211021-l2tc1sabd3
-
MD5
faa5a6bae3386dd82857674cf54d6f0d
-
SHA1
49b350f2041e6003397397b2fc1f6787a84c8405
-
SHA256
12476bf4cc2940ef264ac615ac125bf89a1f76348a42a7410e6800380e36da84
-
SHA512
e3848e7d79698cbd356dc350750b35efe784ec789d8d5528e966f1c30f57203315d806b9d99a0778fca506464f5cd1960cca9094c2c581b3967a9c42a97ffe8d
Static task
static1
Malware Config
Extracted
danabot
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
loader
Extracted
danabot
2052
4
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
main
Targets
-
-
Target
12476bf4cc2940ef264ac615ac125bf89a1f76348a42a7410e6800380e36da84
-
Danabot Loader Component
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-