General
-
Target
32e0498fb410f53417d02ce173196495477153c3142faf26f6d7df6141547a3b
-
Size
1.2MB
-
Sample
211023-prg4sacch4
-
MD5
de6f0e624373067664d1b035452ba42e
-
SHA1
3eeaecb8683b9d61bae8fd10195ef7a81da7be2e
-
SHA256
32e0498fb410f53417d02ce173196495477153c3142faf26f6d7df6141547a3b
-
SHA512
21b584b97f4eab917274e4a7f3cead0254ced4508857b8df5886b5fb2927cb410b9c7d4a86e47e1840da17202876177fbe823bedc3cc8531b604a371638ea272
Static task
static1
Malware Config
Extracted
danabot
2052
4
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
main
Targets
-
-
Target
32e0498fb410f53417d02ce173196495477153c3142faf26f6d7df6141547a3b
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-