General
-
Target
20B4D989D117848BEA18B1DA3E0E7E27E890BDF54A84D.dll
-
Size
5.7MB
-
Sample
220528-q8ntbsghep
-
MD5
9a0ee7f30abfa893ebeadc7dd6245da1
-
SHA1
3b4859a6ce1836ba3b7ca1ecd48d8a6d2a28a479
-
SHA256
20b4d989d117848bea18b1da3e0e7e27e890bdf54a84d17da331ceb657d8a08b
-
SHA512
eee62ca4fa865de44638a2713de89ebfd7892a60e18c26d6be96ff2cc32473de635c56d24c7581ab7c8e92a253d632350954287b99199308d50fbabd20f66154
Static task
static1
Behavioral task
behavioral1
Sample
20B4D989D117848BEA18B1DA3E0E7E27E890BDF54A84D.dll
Resource
win7-20220414-en
Malware Config
Extracted
danabot
1827
3
192.236.147.83:443
23.106.123.185:443
23.106.123.141:443
192.210.198.12:443
-
embedded_hash
AEF96B4D339B580ABB737F203C2D0F52
-
type
main
Targets
-
-
Target
20B4D989D117848BEA18B1DA3E0E7E27E890BDF54A84D.dll
-
suricata: ET MALWARE Danabot Key Exchange Request
-
Blocklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-