General
-
Target
cbeaf4b12d6ee7771977a0d287da80ed0d7861b68ba44664aa9e4c27d11c79ce
-
Size
983KB
-
Sample
220226-hbpqcshfg7
-
MD5
682ed3fab2effb467675bcdf30eb7bb9
-
SHA1
92bc282abd71583093184d844020f367ce49030a
-
SHA256
cbeaf4b12d6ee7771977a0d287da80ed0d7861b68ba44664aa9e4c27d11c79ce
-
SHA512
d13ec8cb854978cb4993184e9b4f6bfcf81ec8000018c3c76e0fbc7df8b352e311838a2c883169d64488ab048ba8d7a83da17b6f470884d8d5a98bd23c45259a
Static task
static1
Behavioral task
behavioral1
Sample
cbeaf4b12d6ee7771977a0d287da80ed0d7861b68ba44664aa9e4c27d11c79ce.exe
Resource
win7-en-20211208
Malware Config
Extracted
danabot
5.61.58.130
2.56.213.39
2.56.212.4
5.61.56.192
Targets
Target
cbeaf4b12d6ee7771977a0d287da80ed0d7861b68ba44664aa9e4c27d11c79ce
-
Danabot x86 payload
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Loads dropped DLL
-