General
Target: ababe38477f24a5e85c87a8c1a5a78d482298e27ca62e41cd9fa119bdc324fae
Size: 1.2MB
Sample: 211024-pprkfafaep
MD5: 1d179f04e3c9733c814aef9b01e0cc8c
SHA1: 62d6b279ab4d4f3083b69b7285635bb31c673fae
SHA256: ababe38477f24a5e85c87a8c1a5a78d482298e27ca62e41cd9fa119bdc324fae
SHA512: 455215221ec2cff934f0dcfd1af8b310cf6f1e389be9f128a21aaeb1b541703ee828301703bc42cc0dc82d6089d2183553e5b90f029d07f6e6e52cb2455ce239

Static task: static1

Malware Config

Extracted
danabot
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
embedded_hash: F4711E27D559B4AEB1A081A1EB0AC465
type: loader

Extracted
danabot
2052
4
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
embedded_hash: F4711E27D559B4AEB1A081A1EB0AC465
type: main

Targets
Target: ababe38477f24a5e85c87a8c1a5a78d482298e27ca62e41cd9fa119bdc324fae

Suspicious use of NtCreateProcessExOtherParentProcess
Blocklisted process makes network request
Loads dropped DLL
Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.