General
Target: e29ebee9f5c0bcb08eecc4ea28549b5b189e9295527e68dd516eacde417b5428
Size: 1.2MB
Sample: 211024-m4h6hadgd3
MD5: 7e5a3f0b30e599348bfb4bd8dd90c9b5
SHA1: 3e0eab6ce8c4d1d7fd133e5fe311090f9e2510e5
SHA256: e29ebee9f5c0bcb08eecc4ea28549b5b189e9295527e68dd516eacde417b5428
SHA512: 511a6373d667d4c8c556e4701953350f5d3283ddf55b90bbb0c51105216d9876d7ae673eb227537550f42931d1f296b726277278618078ec83e3b9db45cc97e8
Static task
static1

Malware Config
Extracted
danabot
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
embedded_hash: F4711E27D559B4AEB1A081A1EB0AC465
type: loader

Extracted
danabot
2052
4
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
embedded_hash: F4711E27D559B4AEB1A081A1EB0AC465
type: main
Targets
Target: e29ebee9f5c0bcb08eecc4ea28549b5b189e9295527e68dd516eacde417b5428
Size: 1.2MB
MD5: 7e5a3f0b30e599348bfb4bd8dd90c9b5
SHA1: 3e0eab6ce8c4d1d7fd133e5fe311090f9e2510e5
SHA256: e29ebee9f5c0bcb08eecc4ea28549b5b189e9295527e68dd516eacde417b5428
SHA512: 511a6373d667d4c8c556e4701953350f5d3283ddf55b90bbb0c51105216d9876d7ae673eb227537550f42931d1f296b726277278618078ec83e3b9db45cc97e8

- Danabot Loader Component
- Suspicious use of NtCreateProcessExOtherParentProcess
- Blocklisted process makes network request
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext