Behavioral task
behavioral1
Sample
1920-57-0x00000000026B0000-0x0000000002D0E000-memory.dll
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
1920-57-0x00000000026B0000-0x0000000002D0E000-memory.dll
Resource
win10v2004-en-20220113
General
-
Target
1920-57-0x00000000026B0000-0x0000000002D0E000-memory.dmp
-
Size
6.4MB
-
MD5
c842f250d6855a0182937ccc80a01f52
-
SHA1
9dd46c4f12344d620d4564675846e44cdaaea668
-
SHA256
8680837cefa0baf00e77919cc01f39d421649012c5f5370fdf04be4ebc006274
-
SHA512
5e8b7ce9c57e1960f56f5ac65dd8249596400c694999aede9df08d368010b83412dccc0c035a02cb62526e461fcf6969d4f5eeb57e3cb44b99acdf41cc5060cf
-
SSDEEP
98304:dfOA0OmuqMWaDPEQ4QlIrHp+GobWiI5Lkwu1UnHnVSPCR:EA0Oi50b0Du1ST
Malware Config
Extracted
danabot
1755
3
193.34.167.163:443
134.119.186.198:443
78.138.98.136:443
104.168.156.222:443
-
embedded_hash
82C66843DE542BC5CB88F713DE39B52B
-
type
main
Signatures
-
Danabot family
Files
-
1920-57-0x00000000026B0000-0x0000000002D0E000-memory.dmp.dll windows x86
Code Sign
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
.text Size: 4.5MB - Virtual size: 38.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.itext Size: 6KB - Virtual size: 43.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 475KB - Virtual size: 43.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 43.7MB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 16KB - Virtual size: 44.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didata Size: 1KB - Virtual size: 44.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 44.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 44.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 239KB - Virtual size: 44.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 20KB - Virtual size: 45.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ