General
Target: 951ec50e4f40422236432d79473aeb0bad60adec1064f8a955b46c1058d83ae3
Size: 1.2MB
Sample: 211024-znakmsgbej
MD5: fba63eed7a4327d4924fca0a9de80cd6
SHA1: 7619c9b120d9721ae7d0bff277816153c1ddb5ef
SHA256: 951ec50e4f40422236432d79473aeb0bad60adec1064f8a955b46c1058d83ae3
SHA512: c1a83fb209fe98836ddbe84ab7112f711062f2103e6deff96eb7bdf122dcdc1065ef51bbe7240e7121f93f5c9e630ef1a36387bca27cf72db140e1c176cc0ce5
Static task
static1
Malware Config
Extracted
danabot
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
embedded_hash: F4711E27D559B4AEB1A081A1EB0AC465
type: loader
Extracted
danabot
2052
4
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
embedded_hash: F4711E27D559B4AEB1A081A1EB0AC465
type: main
Targets
Target: 951ec50e4f40422236432d79473aeb0bad60adec1064f8a955b46c1058d83ae3
Suspicious use of NtCreateProcessExOtherParentProcess
Blocklisted process makes network request
Loads dropped DLL
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.