General
-
Target
072c76e5d822be16ed6f50fe2f00d020754802ed7434e14abf4c2fa77a48f1e3
-
Size
1.8MB
-
Sample
211231-wh4dzsfehp
-
MD5
9142c28cefd426a2937a7365c1362f6d
-
SHA1
2bf07778ad5cc46e8ba0d91244d3e1bee27eaece
-
SHA256
072c76e5d822be16ed6f50fe2f00d020754802ed7434e14abf4c2fa77a48f1e3
-
SHA512
c55efd55f578d71410eb08b5acef774c61a1471f09c13fd4c88c61e0107e905ca9b61dbeb8b1005db957a3baba4bafda6e77c9cd53d1ba5755a41200d440e83e
Static task
static1
Malware Config
Extracted
danabot
4
142.11.244.223:443
192.236.194.72:443
-
embedded_hash
0FA95F120D6EB149A5D48E36BC76879D
-
type
loader
Targets
Danabot Loader Component
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Loads dropped DLL
-