General
Target: 17900fe44bdbfb80fa1284a97fd7fa4a80943a1a9d5ebbb2bc6f2c88d6afbf16
Size: 1.2MB
Sample: 211024-hfhgvadda5
MD5: 7e114b4f1d26a5408f039ea130d1f799
SHA1: 653aa4f24420b8e34b36b6ccf76a5b771c5deb49
SHA256: 17900fe44bdbfb80fa1284a97fd7fa4a80943a1a9d5ebbb2bc6f2c88d6afbf16
SHA512: 2449e7c5bb4cf7ec8884959a92858ab41605c175d348e90c375c09db441f6445fb3ee9522bea10041ad28c440d97898ba4336ba0195af6b5a00d37df39dea04f
Static task: static1
Malware Config

Extracted: danabot
C2:
- 192.119.110.73:443
- 192.236.147.159:443
- 192.210.222.88:443
embedded_hash: F4711E27D559B4AEB1A081A1EB0AC465
type: loader

Extracted: danabot
2052
4
C2:
- 192.119.110.73:443
- 192.236.147.159:443
- 192.210.222.88:443
embedded_hash: F4711E27D559B4AEB1A081A1EB0AC465
type: main
Targets

Target: 17900fe44bdbfb80fa1284a97fd7fa4a80943a1a9d5ebbb2bc6f2c88d6afbf16
Size: 1.2MB
MD5: 7e114b4f1d26a5408f039ea130d1f799
SHA1: 653aa4f24420b8e34b36b6ccf76a5b771c5deb49
SHA256: 17900fe44bdbfb80fa1284a97fd7fa4a80943a1a9d5ebbb2bc6f2c88d6afbf16
SHA512: 2449e7c5bb4cf7ec8884959a92858ab41605c175d348e90c375c09db441f6445fb3ee9522bea10041ad28c440d97898ba4336ba0195af6b5a00d37df39dea04f
Signatures:
- Danabot Loader Component
- Suspicious use of NtCreateProcessExOtherParentProcess
- Blocklisted process makes network request
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext