General
-
Target
0dfc49086d548646c7ce4c7a5c8cc2b739e0dbdd8e25cd05433eedfbf7a0e199
-
Size
816KB
-
Sample
220502-rvt9mahcdq
-
MD5
f8340e0fd74ed7b1584c359426c84126
-
SHA1
2e9c7cec164ae225325fc82f36b64602f0f634a3
-
SHA256
0dfc49086d548646c7ce4c7a5c8cc2b739e0dbdd8e25cd05433eedfbf7a0e199
-
SHA512
1188b879085cfc22a42008654c3437e893455274475686cd0c7762de0ef39594ea3b249f579c11532fe801ef2c5b4ee329bc09ab8e68e8f8b25176e4006c952e
Static task
static1
Behavioral task
behavioral1
Sample
0dfc49086d548646c7ce4c7a5c8cc2b739e0dbdd8e25cd05433eedfbf7a0e199.exe
Resource
win7-20220414-en
Malware Config
Extracted
danabot
Targets
-
Danabot x86 payload
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-