General
-
Target
95c27d002213104e4029df6f785dba30a0fd7fc7bf1aeb27e15f669edbc27d85
-
Size
3.9MB
-
Sample
220306-2anapafgf8
-
MD5
cdb7cedd0d9adb7c036b49f4ff2eb5c4
-
SHA1
fc4a2c47085d30633bcd220d821455d333bee647
-
SHA256
95c27d002213104e4029df6f785dba30a0fd7fc7bf1aeb27e15f669edbc27d85
-
SHA512
6bd6231e90097e0a5c0e8fa36175f9f7c5a6dd41f4e53ea6ae87ac3234bba8ee6b975c802c05228d4f09c7f0e04c43773f7814b8324529e58b9946b28a01c43c
Static task
static1
Behavioral task
behavioral1
Sample
95c27d002213104e4029df6f785dba30a0fd7fc7bf1aeb27e15f669edbc27d85.exe
Resource
win7-20220223-en
Malware Config
Extracted
danabot
1732
3
23.106.123.249:443
51.195.73.129:443
167.114.188.38:443
23.226.132.92:443
-
embedded_hash
E1D3580C52F82AF2B3596E20FB85D9F4
-
type
main
Targets
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-