General
Target: 06d01f809ea7376345a5ca5629c15c32e7d2a32efa40ffafe2aba4636275ab08
Size: 1.8MB
Sample: 211231-r7nydahac3
MD5: ff5cedf647fbf787f6f043aea049f75c
SHA1: e7f03078d14c286c38f0c4bbf55bb5feaa51bc4b
SHA256: 06d01f809ea7376345a5ca5629c15c32e7d2a32efa40ffafe2aba4636275ab08
SHA512: c3476ec2cdfb737db07d3015f86321ce1f4ed07adb060243939c4cbb2ec94d508bb4646f459954524152ad3b614d36acf324a1551a9c379268518a42e7f6fc3f
Static task
static1
Malware Config
Extracted
danabot
4
142.11.244.223:443
192.236.194.72:443
embedded_hash: 0FA95F120D6EB149A5D48E36BC76879D
type: loader
Targets
Target: 06d01f809ea7376345a5ca5629c15c32e7d2a32efa40ffafe2aba4636275ab08
Danabot Loader Component
Suspicious use of NtCreateProcessExOtherParentProcess
Loads dropped DLL