General
Target: c875b1a340febc2e1e4e723b1549046f17c03b1765737fec624d0098157637f5
Size: 1.2MB
Sample: 211022-tzxlnabha3
MD5: 3ebb8d7e457023cb9e14a2aa3b19faa1
SHA1: ae42c910407b5f1547cf365d7d1e3cfcfc0a0a1c
SHA256: c875b1a340febc2e1e4e723b1549046f17c03b1765737fec624d0098157637f5
SHA512: 5b635dfbbad84085b734cc0b53dfbf7d53cfe6e4c02c675f26c3d5e6119364361c2c073a1978bd52a8af56505c4d1ab4a2d978498dba7386f45f7b60924a2d90
Static task: static1
Malware Config
Extracted
danabot
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
embedded_hash: F4711E27D559B4AEB1A081A1EB0AC465
type: loader
Extracted
danabot
2052
4
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
embedded_hash: F4711E27D559B4AEB1A081A1EB0AC465
type: main
Targets
Target: c875b1a340febc2e1e4e723b1549046f17c03b1765737fec624d0098157637f5
- Danabot Loader Component
- Suspicious use of NtCreateProcessExOtherParentProcess
- Blocklisted process makes network request
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.