General
-
Target
46a4d3889acd9e2e596deeccb7df2dc5a7ad93452768ba960d1a7d0796a3a839
-
Size
1.8MB
-
Sample
211231-qwkk5sghh4
-
MD5
f36abafaf91c9d271e23b37324ebab3f
-
SHA1
1bfbd5cf8eebf6b351b99e1186853e1c94aacc30
-
SHA256
46a4d3889acd9e2e596deeccb7df2dc5a7ad93452768ba960d1a7d0796a3a839
-
SHA512
aa4eb4cae2cd7faa20b682087a366725d6220c56ee9384cbcac7e4297b76afd339665e4d62dec00fa295068ab6ac71fe40387951441a6c62b23b41554148f529
Static task
static1
Malware Config
Extracted
danabot
4
142.11.244.223:443
192.236.194.72:443
-
embedded_hash
0FA95F120D6EB149A5D48E36BC76879D
-
type
loader
Targets
-
-
Target
46a4d3889acd9e2e596deeccb7df2dc5a7ad93452768ba960d1a7d0796a3a839
-
Danabot Loader Component
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Loads dropped DLL
-