General
Target: 97041a9313e87ead70945591d9cdddbf43ba23f1c01543b447a443bf7142cf24
Size: 1.8MB
Sample: 211230-2kfctsehbl
MD5: 4f2390b9108836527451204996d0c0bd
SHA1: c5d818b287297fd75bb98e3b65c23abec29651e7
SHA256: 97041a9313e87ead70945591d9cdddbf43ba23f1c01543b447a443bf7142cf24
SHA512: 4a7d7547af079e0cd88838d58abf903ae689f3ac9bcab574e4514c7a62c76dda3b1409b0c8987c2f0964b325a0b89ca9f74af7f3940940dc09dee427e78b4283
Static task
static1
Malware Config
Extracted
danabot
4
142.11.244.223:443
192.236.194.72:443
embedded_hash: 0FA95F120D6EB149A5D48E36BC76879D
type: loader
Targets
Target
97041a9313e87ead70945591d9cdddbf43ba23f1c01543b447a443bf7142cf24
Danabot Loader Component
Suspicious use of NtCreateProcessExOtherParentProcess
Loads dropped DLL