General
Target: 2aacacdf16af64967a4433935ce0ea136d5d3d16f6f111052b99dcc354b1c667
Size: 1.2MB
Sample: 211024-g37vksecaj
MD5: e1d9fce87b862fecb222cd8724344d09
SHA1: 963159395508bc4abf329adf3b804237a6845dfc
SHA256: 2aacacdf16af64967a4433935ce0ea136d5d3d16f6f111052b99dcc354b1c667
SHA512: 36c67ded56d997afd31246022301ce3068a02b9605b7016db75a56de91bf2fbedaea29a247e925ab23d5eabf9f38766f03eb09fcedee6394263061d99c9705b2
Static task
static1
Malware Config
Extracted
danabot
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
embedded_hash: F4711E27D559B4AEB1A081A1EB0AC465
type: loader
Extracted
danabot
2052
4
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
embedded_hash: F4711E27D559B4AEB1A081A1EB0AC465
type: main
Targets
Target: 2aacacdf16af64967a4433935ce0ea136d5d3d16f6f111052b99dcc354b1c667
Danabot Loader Component
Suspicious use of NtCreateProcessExOtherParentProcess
Blocklisted process makes network request
Loads dropped DLL
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext