General
Target: a213c607bbace81a31e12bb7871cc6acda265b5c19f61593e49d9a3124ccb992
Size: 4.4MB
Sample: 220319-hrmwpsdfbl
MD5: 758479c598ae9f73822b944914063868
SHA1: b06e935e4e660733e049995f299fc84dcf6daf90
SHA256: a213c607bbace81a31e12bb7871cc6acda265b5c19f61593e49d9a3124ccb992
SHA512: cbf6fb876246e6e999fa6c68db887077c27e9e71dc17cecb7bd38db51e3b0fe0788ad6315893af52a609f0ba6b7bbb0d62be0825007c210a6c46c62336db0ddd
Static task: static1
Behavioral task: behavioral1
Sample: a213c607bbace81a31e12bb7871cc6acda265b5c19f61593e49d9a3124ccb992.exe
Resource: win7-20220311-en
Malware Config
Extracted
danabot
1732
3
23.226.132.92:443
176.123.6.168:443
108.62.141.152:443
192.241.101.68:443
embedded_hash: DE420A65BFC5F29167A85A5199065A0E
type: main
Targets
Blocklisted process makes network request
Deletes itself
Loads dropped DLL
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops desktop.ini file(s)