General
-
Target
e745b808f1a9a23c8804f0e3a6588a27ed0820fb8942a40480a3918a6ee26912
-
Size
1.2MB
-
Sample
211024-mq46taegdr
-
MD5
d9724cd97fa855b3252d7557dc769d41
-
SHA1
b988b6cf95d710150644bcb6726238af04961477
-
SHA256
e745b808f1a9a23c8804f0e3a6588a27ed0820fb8942a40480a3918a6ee26912
-
SHA512
e913f3329772b2f0bf33c775dd03a7571bbb53286605c7fff09aac18fdc517c9ea30ee7f44cf32435e88c5619b5d8d71887b3027a367a34f4d49ce26bb369d74
Static task
static1
Malware Config
Extracted
danabot
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
loader
Extracted
danabot
2052
4
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
main
Targets
-
Danabot Loader Component
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-