General
-
Target
244b5656b4f18ed296ce284cce8dfb7f3c580a46ead28f946a69adcd4c7e997c
-
Size
309KB
-
Sample
220502-3c4acseehq
-
MD5
6d95ab2b8de3907593197889a75aabba
-
SHA1
dff3ba1c1c9d85a6eda88250eed168eb1c333214
-
SHA256
244b5656b4f18ed296ce284cce8dfb7f3c580a46ead28f946a69adcd4c7e997c
-
SHA512
da7c1a7c55e856cdfd21cd88567c8e6bfa6d4dd9b34b2a9b4d473d3084813ee23f055bd4510815247258b1c3e413882da7c941c99180616794da44cf3f181f82
Static task
static1
Behavioral task
behavioral1
Sample
7827_99_83872.vbs
Resource
win7-20220414-en
Malware Config
Extracted
danabot
1.5.78.29
71.61.197.13
128.43.39.106
68.164.114.181
243.7.235.34
185.92.222.238
192.71.249.51
42.180.72.123
159.159.89.172
135.231.151.187
Targets
-
-
Target
7827_99_83872.vbs
-
Size
1.4MB
-
MD5
c9510672ebc4fc0795a731a02d89fcc6
-
SHA1
1c7d106778171f2e0b54a0db69cbe5364e8f6fd5
-
SHA256
cb0a6515ebf78cceb86464ac829ea872eea726aa7b8e34b8b43e1f7f36791711
-
SHA512
8dee2bdad143a339074faf05a824983d722bd6b30cc9f9a4b8632ec277d87ee5edee77ec6d5713946681795165c105b570b6621313884e6eb7b1ac7d46dc7c33
-
Danabot x86 payload
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
-
Blocklisted process makes network request
-
Loads dropped DLL
-