General
Target: d19e634e9faed0bdaca7de2b1840ffa706e9b0464fbdc631ac5ddcb4e9b62753
Size: 1.2MB
Sample: 211023-g95c2acbd4
MD5: dc2c6b8eb1d785e114a2027980ae1bda
SHA1: 2c34ab5d4c1c1913cf27ddf7ee00a18265bdd574
SHA256: d19e634e9faed0bdaca7de2b1840ffa706e9b0464fbdc631ac5ddcb4e9b62753
SHA512: 53d8447b9e68201a2e453fa7c1683c7096a8a860054567bae39756f72185ad3ca8e923bf52dfcad50a35f1c5a476aec7b25bf84ed17457a0ebf84e9174a0e492
Static task
static1
Malware Config
Extracted
danabot
2052
4
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
main
Targets
-
-
Target
d19e634e9faed0bdaca7de2b1840ffa706e9b0464fbdc631ac5ddcb4e9b62753
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-