General
-
Target
5aab954a5986b6ba257d0ef5acb1831b93c2794d451448633d14da9b1757dc78.vbs
-
Size
2.0MB
-
Sample
220514-gn7k9sfdg5
-
MD5
0d3d3c9053c6eeb36e6a42b29517d3a2
-
SHA1
18183f3682256080eef046b954717404b369924f
-
SHA256
5aab954a5986b6ba257d0ef5acb1831b93c2794d451448633d14da9b1757dc78
-
SHA512
a3d45d659239bf783e11468debf7d6534709f4f9e98ea66b55876b40965975da5a0b09d92afed6c99ca80fc3440e8202213ab18310c496d3eb9bb11b4d223960
Static task
static1
Behavioral task
behavioral1
Sample
5aab954a5986b6ba257d0ef5acb1831b93c2794d451448633d14da9b1757dc78.vbs
Resource
win7-20220414-en
Malware Config
Extracted
danabot
195.123.220.45
84.141.50.190
215.212.21.6
237.250.131.153
59.37.192.38
155.120.247.148
142.167.76.43
75.56.111.148
195.123.246.209
68.158.26.25
Targets
-
-
Target
5aab954a5986b6ba257d0ef5acb1831b93c2794d451448633d14da9b1757dc78.vbs
-
Size
2.0MB
-
MD5
0d3d3c9053c6eeb36e6a42b29517d3a2
-
SHA1
18183f3682256080eef046b954717404b369924f
-
SHA256
5aab954a5986b6ba257d0ef5acb1831b93c2794d451448633d14da9b1757dc78
-
SHA512
a3d45d659239bf783e11468debf7d6534709f4f9e98ea66b55876b40965975da5a0b09d92afed6c99ca80fc3440e8202213ab18310c496d3eb9bb11b4d223960
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-