General
-
Target
d9e365ef3c3b36a9974bf0b5c95d50188d0879849fb39bc3dc38fdda6ced9b8b
-
Size
1.2MB
-
Sample
211022-pc8m7abfb3
-
MD5
00c28e54775b45f20fddff77b1ded22c
-
SHA1
f802027b030cc702464498dd28c58bfd61145a11
-
SHA256
d9e365ef3c3b36a9974bf0b5c95d50188d0879849fb39bc3dc38fdda6ced9b8b
-
SHA512
d0807f03ddfd6bca693fe3fc405e4a45cb86cab03dcff9b5dccf7401cab4236d29a8413c3c52e04e7adc06d30a5751d303eae25a888d5e14592a8fbd16795b8e
Static task
static1
Malware Config
Extracted
danabot
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
loader
Extracted
danabot
2052
4
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
main
Targets
-
-
Target
d9e365ef3c3b36a9974bf0b5c95d50188d0879849fb39bc3dc38fdda6ced9b8b
-
Danabot Loader Component
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-