General
Target: ba060accb7e8c43b290f35cfd229954de469309d5f289c9ba5f60a95510c914d
Size: 984KB
Sample: 220226-hmwcaabagq
MD5: fd3287f724b6bfd5b925a3d2f65b4cf4
SHA1: 99e1408bb8d8112080db19827e59dea833aae886
SHA256: ba060accb7e8c43b290f35cfd229954de469309d5f289c9ba5f60a95510c914d
SHA512: 89e2c9d636023320b8358eddcaf11244afd0f18a1c85d528bce2ebbe39d1aec40809b58778a55cf32458350d7531be12bfec744ced09092536abee4e61b3fee8
Static task: static1
Behavioral task: behavioral1
Sample: ba060accb7e8c43b290f35cfd229954de469309d5f289c9ba5f60a95510c914d.exe
Resource: win7-20220223-en
Malware Config
Extracted
danabot
5.61.58.130
2.56.213.39
2.56.212.4
5.61.56.192
Targets
Danabot x86 payload
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

Suspicious use of NtCreateProcessExOtherParentProcess

Blocklisted process makes network request

Loads dropped DLL