General
-
Target
a07a26961fcd37fbbbe292225e069243.exe
-
Size
1.2MB
-
Sample
220219-xdz2fachfn
-
MD5
a07a26961fcd37fbbbe292225e069243
-
SHA1
d4f3c4d7045865e52284544c1957cf3786902404
-
SHA256
8b73e5a9e4093166d04fcee33db13db39dacbb6a2bb8282282e1ab9558fddc86
-
SHA512
81fe9aa924055f4a039cd662d4244bbf9a48b6698fbb6bffd891cd59d55a613e67011bcc3ad2420f9d7bf4d2447abdccbf4caff086ab2ae7331e6aa3191fd769
Static task
static1
Behavioral task
behavioral1
Sample
a07a26961fcd37fbbbe292225e069243.exe
Resource
win7-en-20211208
Malware Config
Extracted
danabot
4
5.253.84.124:443
103.175.16.114:443
193.34.166.107:443
-
embedded_hash
422236FD601D11EE82825A484D26DD6F
-
type
loader
Targets
-
-
Target
a07a26961fcd37fbbbe292225e069243.exe
-
Size
1.2MB
-
MD5
a07a26961fcd37fbbbe292225e069243
-
SHA1
d4f3c4d7045865e52284544c1957cf3786902404
-
SHA256
8b73e5a9e4093166d04fcee33db13db39dacbb6a2bb8282282e1ab9558fddc86
-
SHA512
81fe9aa924055f4a039cd662d4244bbf9a48b6698fbb6bffd891cd59d55a613e67011bcc3ad2420f9d7bf4d2447abdccbf4caff086ab2ae7331e6aa3191fd769
-
Danabot Loader Component
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Loads dropped DLL
-