General
-
Target
6787ef5832c890f5d9117f4d8bc85601100e7f236ad5830a4a00e64cb3160d7b
-
Size
4.4MB
-
Sample
220319-hkfttaddcr
-
MD5
bbbf9b08ee68f03a9b314a0bb24493bb
-
SHA1
b63a49aa78bd940599ef14ad71fa56cb96ae0aff
-
SHA256
6787ef5832c890f5d9117f4d8bc85601100e7f236ad5830a4a00e64cb3160d7b
-
SHA512
69449cb2add2fea73be89ead33182580b05f97b94f3ae77867ac44e3a017e360ea317f49c5105e7f8f60d913bc8ec63dd555bd8aab63f0ff2c9ef3ecc9176afd
Static task
static1
Behavioral task
behavioral1
Sample
6787ef5832c890f5d9117f4d8bc85601100e7f236ad5830a4a00e64cb3160d7b.exe
Resource
win7-20220310-en
Malware Config
Extracted
danabot
1732
3
23.106.123.249:443
64.188.20.187:443
108.62.118.103:443
104.227.34.227:443
-
embedded_hash
7851EC18309CA04099F7F0BE42FF6C04
-
type
main
Targets
-
-
Target
6787ef5832c890f5d9117f4d8bc85601100e7f236ad5830a4a00e64cb3160d7b
-
Size
4.4MB
-
MD5
bbbf9b08ee68f03a9b314a0bb24493bb
-
SHA1
b63a49aa78bd940599ef14ad71fa56cb96ae0aff
-
SHA256
6787ef5832c890f5d9117f4d8bc85601100e7f236ad5830a4a00e64cb3160d7b
-
SHA512
69449cb2add2fea73be89ead33182580b05f97b94f3ae77867ac44e3a017e360ea317f49c5105e7f8f60d913bc8ec63dd555bd8aab63f0ff2c9ef3ecc9176afd
-
suricata: ET MALWARE Danabot Key Exchange Request
suricata: ET MALWARE Danabot Key Exchange Request
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-