General
-
Target
7092a7d3f114fa0d72ac3aa642aeea066822a2a88fc094aebbb6f427e4d531a4
-
Size
1.8MB
-
Sample
211231-vlflnafefn
-
MD5
bf62c54c9200bffcacbf4c87b4b7c963
-
SHA1
200a481595fe7a4889d0ed04534c0f29d2c6dcd4
-
SHA256
7092a7d3f114fa0d72ac3aa642aeea066822a2a88fc094aebbb6f427e4d531a4
-
SHA512
95fb76d5e7ab0502ec949a0b1ccebad947c57dcc26b4d1ea3e3df1cbc59826d728596d7b20033a2c57f44e5bb1e915e8d55cb2320f88e16762bc13a432beb265
Static task
static1
Malware Config
Extracted
danabot
4
142.11.244.223:443
192.236.194.72:443
-
embedded_hash
0FA95F120D6EB149A5D48E36BC76879D
-
type
loader
Targets
-
Danabot Loader Component
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Loads dropped DLL
-