General
-
Target
089b7f10cfd664bca804b9874b27eb7e422b9beeb0fde130d0be896a0fd3a7a6
-
Size
5.8MB
-
Sample
220530-z8yszaffal
-
MD5
1eb6a24716fd336318c026cef758ef72
-
SHA1
0449cdf61ab43908c157f5745dda38d304cee9c3
-
SHA256
089b7f10cfd664bca804b9874b27eb7e422b9beeb0fde130d0be896a0fd3a7a6
-
SHA512
1f2c1e40fe64a0d9dbb50d8840c497dfe7cb1e8c5ed54ee3e6a142abfb19ba8953f09214db4db3e9c520bb5bf192ef44134d607f3e8431cc48d4039139884499
Static task
static1
Behavioral task
behavioral1
Sample
089b7f10cfd664bca804b9874b27eb7e422b9beeb0fde130d0be896a0fd3a7a6.exe
Resource
win7-20220414-en
Malware Config
Extracted
danabot
1827
3
192.3.26.107:443
192.236.147.83:443
23.106.123.141:443
23.106.123.185:443
-
embedded_hash
AEF96B4D339B580ABB737F203C2D0F52
-
type
main
Targets
-
-
Target
089b7f10cfd664bca804b9874b27eb7e422b9beeb0fde130d0be896a0fd3a7a6
-
suricata: ET MALWARE Danabot Key Exchange Request
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-