General

Target: a07a26961fcd37fbbbe292225e069243.exe
Size: 1.2MB
Sample: 220131-h2552agegp
MD5: a07a26961fcd37fbbbe292225e069243
SHA1: d4f3c4d7045865e52284544c1957cf3786902404
SHA256: 8b73e5a9e4093166d04fcee33db13db39dacbb6a2bb8282282e1ab9558fddc86
SHA512: 81fe9aa924055f4a039cd662d4244bbf9a48b6698fbb6bffd891cd59d55a613e67011bcc3ad2420f9d7bf4d2447abdccbf4caff086ab2ae7331e6aa3191fd769

Static task: static1
Behavioral task: behavioral1
Sample: a07a26961fcd37fbbbe292225e069243.exe
Resource: win7-en-20211208

Malware Config

Extracted family: danabot
Other fields (unlabeled in source): 4
C2: 5.253.84.124:443
C2: 103.175.16.114:443
C2: 193.34.166.107:443
embedded_hash: 422236FD601D11EE82825A484D26DD6F
type: loader

Extracted family: danabot
Other fields (unlabeled in source): 2108, 4
C2: 5.253.84.124:443
C2: 103.175.16.114:443
C2: 193.34.166.107:443
embedded_hash: 422236FD601D11EE82825A484D26DD6F
type: main
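The extracted config above gives the indicators a responder actually pivots on: three C2 endpoints on port 443 and the file hashes of the sample. The following is an added example, not part of the sandbox report, showing how to turn those values into a matcher run over connection records and a file-hash inventory. The C2 list and hashes are copied from the report; the log layout (whitespace-separated timestamp, source IP, source port, destination IP, destination port, protocol) and every log line are constructed for illustration.

```python
"""Match the Danabot C2 endpoints and sample hashes from the report against
connection records and a file inventory.

Added example, not part of the sandbox report. IOC values are taken from the
'Malware Config' and 'General' sections; the records below are constructed and
use an assumed layout:  <timestamp> <src_ip> <src_port> <dst_ip> <dst_port> <proto>
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# C2 endpoints listed in both extracted Danabot config blocks (loader and main).
DANABOT_C2 = {
    ("5.253.84.124", 443),
    ("103.175.16.114", 443),
    ("193.34.166.107", 443),
}

# File hashes of the analysed sample, stored lowercase so comparison is case-insensitive.
SAMPLE_HASHES = {
    "a07a26961fcd37fbbbe292225e069243",                                  # MD5
    "d4f3c4d7045865e52284544c1957cf3786902404",                          # SHA1
    "8b73e5a9e4093166d04fcee33db13db39dacbb6a2bb8282282e1ab9558fddc86",  # SHA256
}

# Constructed connection records (not from the report). The 8080 line shows
# why port-insensitive matching matters if the operator rotates C2 ports.
SAMPLE_CONN_LOG = """\
2022-01-31T10:02:11Z 10.0.0.15 49812 93.184.216.34 443 tcp
2022-01-31T10:02:14Z 10.0.0.15 49815 5.253.84.124 443 tcp
2022-01-31T10:02:14Z 10.0.0.15 49816 5.253.84.124 8080 tcp
2022-01-31T10:02:20Z 10.0.0.22 51002 193.34.166.107 443 tcp
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s+(\S+)$")


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    dst: str
    dport: int


def parse_conn_line(line: str) -> Optional[tuple]:
    """Parse one record; return None for malformed lines or non-IP address fields."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, sport, dst, dport, proto = m.groups()
    try:
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
    except ValueError:
        return None
    return ts, src, int(sport), dst, int(dport), proto


def find_c2_hits(log_text: str, c2=DANABOT_C2, match_port: bool = True) -> list:
    """Return connections whose destination matches a C2 endpoint.

    match_port=True requires the exact (ip, port) pair from the config;
    match_port=False flags any connection to a C2 address on any port.
    """
    c2_ips = {ip for ip, _ in c2}
    hits = []
    for line in log_text.splitlines():
        rec = parse_conn_line(line)
        if rec is None:
            continue  # skip unparsable records rather than aborting the scan
        ts, src, _sport, dst, dport, _proto = rec
        matched = (dst, dport) in c2 if match_port else dst in c2_ips
        if matched:
            hits.append(Hit(ts, src, dst, dport))
    return hits


def match_file_hashes(observed: dict, known=SAMPLE_HASHES) -> list:
    """Return paths whose hash (any case; MD5, SHA1 or SHA256) is a known sample hash."""
    return sorted(path for path, h in observed.items() if h.lower() in known)


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_CONN_LOG):
        print(f"{hit.ts} {hit.src} -> {hit.dst}:{hit.dport}  danabot C2")
    # Constructed inventory: the sample's SHA256 in uppercase, plus one benign placeholder.
    inventory = {
        r"C:\Users\Public\update.exe": "8B73E5A9E4093166D04FCEE33DB13DB39DACBB6A2BB8282282E1AB9558FDDC86",
        r"C:\Windows\System32\notepad.exe": "0" * 64,
    }
    print(match_file_hashes(inventory))
```

With exact endpoint matching the scan flags the two port-443 connections; with `match_port=False` it also flags the 5.253.84.124:8080 record. Both modes have a place: exact pairs for a low-noise alert, address-only for a retrospective hunt across older logs.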
Targets

Target: a07a26961fcd37fbbbe292225e069243.exe
- Danabot Loader Component
- suricata: ET MALWARE Danabot Key Exchange Request
- Blocklisted process makes network request
- Sets DLL path for service in the registry
- Sets service image path in registry
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext