General
-
Target
2190b128c307b5f49180d7aae97bce955236ee13eb930bdbf6c25a5841e7a40e
-
Size
1.2MB
-
Sample
211024-slhpxaeda6
-
MD5
67013562b85ffe26a4966114933b25be
-
SHA1
f5b9c732dbe72a8a7ade7aa2110e2f2bc1b7b50c
-
SHA256
2190b128c307b5f49180d7aae97bce955236ee13eb930bdbf6c25a5841e7a40e
-
SHA512
dde4199723cecdacb0eaa86ddaa05981464f0294e4ab782befef9c5c7e44b827247b120222094db11616600e4943cf03b3c50591b12b4ef0f9f30011d62b86ce
Static task
static1
Malware Config
Extracted
danabot
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
loader
Extracted
danabot
2052
4
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
main
Targets
-
-
Target
2190b128c307b5f49180d7aae97bce955236ee13eb930bdbf6c25a5841e7a40e
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-