General
-
Target
2312225289f2153e9a45dbd2b4ace49b8f47d458c92c21a4f4bff8f175aecc8d
-
Size
3.7MB
-
Sample
220309-s67vjachdl
-
MD5
143c5ed31f480133357f132ee8b1299a
-
SHA1
38ca8876390aee7b2bfc83b7ffc81a4ef915f1f3
-
SHA256
2312225289f2153e9a45dbd2b4ace49b8f47d458c92c21a4f4bff8f175aecc8d
-
SHA512
519cf9bad04ca10f3d3eae968e9765d45edb36f2884843195806780fd991d177ba15ba868741fdafa4cc016388fffbd1b83a66af6e9b1ebf931a889db3f7bb7f
Static task
static1
Behavioral task
behavioral1
Sample
2312225289f2153e9a45dbd2b4ace49b8f47d458c92c21a4f4bff8f175aecc8d.dll
Resource
win7-20220223-en
Malware Config
Extracted
danabot
1732
3
64.188.20.187:443
23.254.215.116:443
176.123.2.249:443
-
embedded_hash
1A5FA2708377AC3D9D838807A75CBA8F
-
type
main
Targets
-
-
Target
2312225289f2153e9a45dbd2b4ace49b8f47d458c92c21a4f4bff8f175aecc8d
-
suricata: ET MALWARE Danabot Key Exchange Request
-
Blocklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-