General
-
Target
3774a2a904ae613e8fccdecd4e71b7e6328b9f5c8005d560ed0547f0c1f57c85
-
Size
3.9MB
-
Sample
220306-2ahp7shdhm
-
MD5
8740460edd3f281188b6be3be67fc15e
-
SHA1
b27d1e2bb5c6f9150dd63833eeec5843fd167522
-
SHA256
3774a2a904ae613e8fccdecd4e71b7e6328b9f5c8005d560ed0547f0c1f57c85
-
SHA512
06fb32b044abf6a31267cfe11f4e3512cc70cae4670209c55e07dff11838303f25ef48144ca5afd3cacc7f695e8b484f034941afeab16b6b01cda868dc880868
Static task
static1
Behavioral task
behavioral1
Sample
3774a2a904ae613e8fccdecd4e71b7e6328b9f5c8005d560ed0547f0c1f57c85.exe
Resource
win7-20220223-en
Malware Config
Extracted
danabot
1732
3
167.114.188.63:443
104.227.34.227:443
192.241.101.68:443
23.106.123.249:443
-
embedded_hash
E1D3580C52F82AF2B3596E20FB85D9F4
-
type
main
Targets
-
suricata: ET MALWARE Danabot Key Exchange Request
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-