General
-
Target
8215f0ace69bf69721bb6bf991cc87462db48b0e81851addb40d41492298e176
-
Size
4.3MB
-
Sample
220208-1xre7affdj
-
MD5
bdde08b2fb6638e9a34a069aa1a29f61
-
SHA1
8422f03e01dd55e6ef146a23fd745f172d0b94b7
-
SHA256
8215f0ace69bf69721bb6bf991cc87462db48b0e81851addb40d41492298e176
-
SHA512
5e0634490dc7398003d8d44859284d290e72672611f8b149edab3dac98f6eec93cc2fb4432c8e4bbc547a952ad0174de96707b289c970975ae47a286a930dccd
Static task
static1
Behavioral task
behavioral1
Sample
8215f0ace69bf69721bb6bf991cc87462db48b0e81851addb40d41492298e176.exe
Resource
win7-en-20211208
Malware Config
Extracted
danabot
1732
3
104.227.34.227:443
64.188.20.187:443
51.195.73.129:443
176.123.2.249:443
-
embedded_hash
6266E79288DFE2AE2C2DB47563C7F93A
-
type
main
Targets
-
-
Target
8215f0ace69bf69721bb6bf991cc87462db48b0e81851addb40d41492298e176
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
suricata: ET MALWARE Danabot Key Exchange Request
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-