General
-
Target
6338907769534921e82ecca82da977874bac8e6e98d073f8e73fcbc82c5d3238
-
Size
1.2MB
-
Sample
211023-jpbakadbcm
-
MD5
5c6fd4271c55e873b184ed0052050c5e
-
SHA1
36c39fb5196f2b26523e6fd44663b7f741ffbe71
-
SHA256
6338907769534921e82ecca82da977874bac8e6e98d073f8e73fcbc82c5d3238
-
SHA512
019520b6114f1cf9a2e11e5648503d0520d87745b56729be39bd5273d36e9c95787523479bbf56966ce7a2f6ac6f86d627108b9b73843b3d4cae1b507aa65108
Static task
static1
Malware Config
Extracted
danabot
2052
4
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
main
Targets
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.