General
-
Target
c0c908fdb5c67cd4ab56ab911320adaf68e4bc9a230a4a04eaf2cf6ae92443f4
-
Size
1.2MB
-
Sample
211022-laz2gsccen
-
MD5
0b24b06fc8dd46d543cd12f15e182884
-
SHA1
c4e01c51b4f17c644e85d308fcde80ac0d8f971b
-
SHA256
c0c908fdb5c67cd4ab56ab911320adaf68e4bc9a230a4a04eaf2cf6ae92443f4
-
SHA512
7b32e2f2dacbe5eda936e1780ec68646bc004b0110f66ffa47e2d7fe57e967c022ea8071cfcfd63be500069c4c6da95077273baf5e308091a8bce7c16df88ff4
Static task
static1
Malware Config
Extracted
danabot
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
loader
Extracted
danabot
2052
4
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
main
Targets
-
-
Target
c0c908fdb5c67cd4ab56ab911320adaf68e4bc9a230a4a04eaf2cf6ae92443f4
-
Danabot Loader Component
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-