General
-
Target
014cbdc259ef1fde1a1e27b064eebcfa8344075d591dad1ab56888df71a13a89
-
Size
1.0MB
-
Sample
220226-lwle8abfen
-
MD5
00b24dcb1665fc7c6e67e51ed80d660f
-
SHA1
928f0cde4c8d935e181aa9b1990d72cbe58fd6eb
-
SHA256
014cbdc259ef1fde1a1e27b064eebcfa8344075d591dad1ab56888df71a13a89
-
SHA512
588119d135c3a8d3cd3037da882a5e75f02075848f5a2624ead6739fd0e4c984493bfad6daa48306e8b30c03744156bc3be04532cfea7d2492212ce3f78e41d6
Static task
static1
Behavioral task
behavioral1
Sample
014cbdc259ef1fde1a1e27b064eebcfa8344075d591dad1ab56888df71a13a89.exe
Resource
win7-en-20211208
Malware Config
Extracted
danabot
5.61.58.130
2.56.213.39
2.56.212.4
5.61.56.192
Targets
Target
014cbdc259ef1fde1a1e27b064eebcfa8344075d591dad1ab56888df71a13a89
Danabot x86 payload
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Loads dropped DLL
-