General
Target: 3e8044305c52c8ed72dff87aaa76b6ecb6264f00e7d1030af9f4b6954aa719d0
Size: 1.8MB
Sample: 211231-2l36aafgam
MD5: a4972219946625bfc86a9d0d93cfcdc4
SHA1: 4eac439c6a4f756fe90e8adbd078c2527385e22e
SHA256: 3e8044305c52c8ed72dff87aaa76b6ecb6264f00e7d1030af9f4b6954aa719d0
SHA512: ecd937e403e789b9f7fa40adcaebfa8ebaed00e1c1a86d2785e05c6515f96794843adda6e3995ae7a6329b2de19de59d24ec95971c3a789e51810bd329fb3e05
Static task
static1
Malware Config
Extracted
danabot
4
142.11.244.223:443
192.236.194.72:443
embedded_hash: 0FA95F120D6EB149A5D48E36BC76879D
type: loader
Targets
Target: 3e8044305c52c8ed72dff87aaa76b6ecb6264f00e7d1030af9f4b6954aa719d0
Danabot Loader Component
Suspicious use of NtCreateProcessExOtherParentProcess
Loads dropped DLL