General
-
Target
4ca951e9d3fcc4196ad777f1f908cf2857e6ed55a7d72d7b0f6636a6b522fe7e
-
Size
963KB
-
Sample
220226-kpnrbsbeaj
-
MD5
11b8443bb27a671c0fe7b7bd176f205a
-
SHA1
cea9fb3e370f50ddc41a1dee7a55d80c9358c1e7
-
SHA256
4ca951e9d3fcc4196ad777f1f908cf2857e6ed55a7d72d7b0f6636a6b522fe7e
-
SHA512
b31e0e6915ddb62afa88a8906273a4c46a2b4b04ca84647024af6404ae9b89af05fd1f7bbfbbfa0d98e21d48230a3dac35d78fbbc0a4393a3f1d7a9d47c1bdfe
Static task
static1
Behavioral task
behavioral1
Sample
4ca951e9d3fcc4196ad777f1f908cf2857e6ed55a7d72d7b0f6636a6b522fe7e.exe
Resource
win7-en-20211208
Malware Config
Extracted
danabot
5.61.58.130
2.56.213.39
2.56.212.4
5.61.56.192
Targets
-
-
Target
4ca951e9d3fcc4196ad777f1f908cf2857e6ed55a7d72d7b0f6636a6b522fe7e
-
Danabot x86 payload
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Loads dropped DLL
-