General
Target: 013ed964d37e80ee700dd98ba83bc25692ee92b4895b92eed17c4ef5359432f8
Size: 955KB
Sample: 220226-lwnwcabfep
MD5: 13694c1e016d5a35d902070111f63d18
SHA1: 8a7de1581df4a927a1b5144af9d590750649aa2c
SHA256: 013ed964d37e80ee700dd98ba83bc25692ee92b4895b92eed17c4ef5359432f8
SHA512: 5ddc6f8a61d0879a337f6eb751cfdf8965ba6efcc59abb1fe84f5a304588e0738be214c76dbf6d565d72ec00b8ae398c62f1492a66510926d452c1eca16e6b89
Static task: static1
Behavioral task: behavioral1
Sample: 013ed964d37e80ee700dd98ba83bc25692ee92b4895b92eed17c4ef5359432f8.exe
Resource: win7-20220223-en
Malware Config
Extracted
danabot
5.61.58.130
2.56.213.39
2.56.212.4
5.61.56.192
Targets
Target
013ed964d37e80ee700dd98ba83bc25692ee92b4895b92eed17c4ef5359432f8
Danabot x86 payload
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

Suspicious use of NtCreateProcessExOtherParentProcess

Blocklisted process makes network request

Loads dropped DLL