General
- Target: d3e59dc676e16119abad9021b3db7f5df9f7e9eebb6a0a5a7b0295e46a3a6b72
- Size: 5.3MB
- Sample: 211211-v8zytabed5
- MD5: 438392c9420a13ba91f1bf96c897dcf5
- SHA1: 05daa3c541772e43f4bcc155dba6ce5cfcdf89ef
- SHA256: d3e59dc676e16119abad9021b3db7f5df9f7e9eebb6a0a5a7b0295e46a3a6b72
- SHA512: 0bb4cfebe6232c9d00501080edd0b62d1beb00bdcb886425e72112c1b83c64d6bff08cc428e1133db15641c0e241cef74566e90c6ffece727a7c2f744d367e6a
Static task: static1
Malware Config
- Extracted: danabot
- 142.11.244.223:443
- 23.106.122.139:443
- embedded_hash: 0FA95F120D6EB149A5D48E36BC76879D
- type: loader
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger