General
Target: 6b354241e35b428ab147ab2dddac5db43f9cbb0f47be3a3741cf4284b359bac6
Size: 1.8MB
Sample: 211227-t8424acha9
MD5: 3bb2336d86fdaa380b48581d6beecce9
SHA1: 894b2837bba7de061ea6568fc8762c03c4ca5240
SHA256: 6b354241e35b428ab147ab2dddac5db43f9cbb0f47be3a3741cf4284b359bac6
SHA512: ed3bc0d93d14994839270be366d4792a6eee16e36511e01c9e3a6ce142f1c84e756560809938d1a51700fdd43c3324dfb8485f79b6dd4fd5f2dc5b3994ce8213
Static task
static1
Malware Config
Extracted
danabot
4
142.11.244.223:443
192.236.194.72:443
embedded_hash: 0FA95F120D6EB149A5D48E36BC76879D
type: loader
Targets
Target: 6b354241e35b428ab147ab2dddac5db43f9cbb0f47be3a3741cf4284b359bac6
Suspicious use of NtCreateProcessExOtherParentProcess
Loads dropped DLL