General
Target: 2a28fd47632cf25492fc99faed96914f3d525a2fac62959dd2368f273ffc2fd8
Size: 1.8MB
Sample: 211231-fn3rmsfbap
MD5: 7b36f21d06459f3f4633c3b0c79d0e08
SHA1: e4d1f301d3d04779486eb3f354df2bd881815991
SHA256: 2a28fd47632cf25492fc99faed96914f3d525a2fac62959dd2368f273ffc2fd8
SHA512: 9989867ae46bf5e198154dfab18a73c1535972d11c5193a3f1386e923bfedd6212d953fdcf549dfddeccba9c5a341a6528e29b54f93c2997ad15ff8784912944
Static task
static1
Malware Config
Extracted
danabot
4
142.11.244.223:443
192.236.194.72:443
embedded_hash: 0FA95F120D6EB149A5D48E36BC76879D
type: loader
Targets
Target: 2a28fd47632cf25492fc99faed96914f3d525a2fac62959dd2368f273ffc2fd8
Danabot Loader Component
Suspicious use of NtCreateProcessExOtherParentProcess
Loads dropped DLL