General
-
Target
3168462b40b11698b32fa1f90b8d684cba056ff88837ad67efad1d203641deec
-
Size
979KB
-
Sample
220226-k5mh7sbefm
-
MD5
adc8c26038ab606b280ce3ea693b5bc4
-
SHA1
b2a2a0c749adb844e94b33c141e3044387b688b2
-
SHA256
3168462b40b11698b32fa1f90b8d684cba056ff88837ad67efad1d203641deec
-
SHA512
d0e46ebf72244663c58a320d81e631f731a3ab84bd9e9be05e69259fa0d7166d6213b9c61e4f8e6dde0400f94a92afdbcee36190d97ef141e0ec4cad7797c70c
Static task
static1
Behavioral task
behavioral1
Sample
3168462b40b11698b32fa1f90b8d684cba056ff88837ad67efad1d203641deec.exe
Resource
win7-en-20211208
Malware Config
Extracted
danabot
5.61.58.130
2.56.213.39
2.56.212.4
5.61.56.192
Targets
-
Target
3168462b40b11698b32fa1f90b8d684cba056ff88837ad67efad1d203641deec
-
Danabot x86 payload
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Loads dropped DLL
-