General
Target: 6548bb28396f639c2aef92957b6858d369c7626a881f000d089646811075955f
Size: 983KB
Sample: 220226-j4nt7saaf2
MD5: 26726bcd43e28e6840b33b69a3064b48
SHA1: a7010995512c3be9b2a9ad2e27d9eff1c732f5c5
SHA256: 6548bb28396f639c2aef92957b6858d369c7626a881f000d089646811075955f
SHA512: 01e7d8b783d36371ac75167ac7ab4a81e53ce14be064fb2be578f43becb8386632e74867b0f5399a3a3b0aa803a016c121b2aaab88466f1f589fc1275aa62114
Static task: static1
Behavioral task: behavioral1
Sample: 6548bb28396f639c2aef92957b6858d369c7626a881f000d089646811075955f.exe
Resource: win7-20220223-en
Malware Config
Extracted
danabot
5.61.58.130
2.56.213.39
2.56.212.4
5.61.56.192
Targets
Target
6548bb28396f639c2aef92957b6858d369c7626a881f000d089646811075955f
Danabot x86 payload: Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
Suspicious use of NtCreateProcessExOtherParentProcess
Blocklisted process makes network request
Loads dropped DLL