General
-
Target
c8dd0c191381840bc03ffb8837caa5d34b89b7e98aaafd8f7ed76d4305ea0ef5
-
Size
1.2MB
-
Sample
211022-x76q3scaf3
-
MD5
9cc88dbc9e667adf16792d7af0eb99a7
-
SHA1
9ce52b79de7dcfcb68b36baaa1566a3d1de95be3
-
SHA256
c8dd0c191381840bc03ffb8837caa5d34b89b7e98aaafd8f7ed76d4305ea0ef5
-
SHA512
01833796d1f79c30204955507318d39c884bd8fa82dae6b753c6e6a40ac8ff4eb2629df5652694a41c9492ec376bb1e5ca6d4bcc5c063f37e0690658c76ada84
Static task
static1
Malware Config
Extracted
danabot
2052
4
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
main
Targets
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-