General
-
Target
b95aefab5c529ef3d921a1c44dd3b0a8046af03c2514333f7b1441b24bafe7b4
-
Size
1.2MB
-
Sample
211023-mszn4sdcaq
-
MD5
1177e6705dc59be13207b56c39db519c
-
SHA1
44e6ff837b7806379eaecca33d1427d8e37f546b
-
SHA256
b95aefab5c529ef3d921a1c44dd3b0a8046af03c2514333f7b1441b24bafe7b4
-
SHA512
011127bb02b708ca8384b0aec0c4c73f42760b47aa30c9b3f450037af434dda32fa5f26e326a107d7e58e70ad6126d9185c505e736f3a285613c253394e943b1
Static task
static1
Malware Config
Extracted
danabot
2052
4
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
main
Targets
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-