General
-
Target
07da9675d3bc10b24556f52d6367cd6ececa1a82c3b9ba4e32c8b98c38f7d792
-
Size
5.9MB
-
Sample
220531-aq2pgaccep
-
MD5
924a8842dc173cb74872a5a215d1dd4d
-
SHA1
de08c5e3e5e98af24444fc567c7a08c43a021dee
-
SHA256
07da9675d3bc10b24556f52d6367cd6ececa1a82c3b9ba4e32c8b98c38f7d792
-
SHA512
eb31f117a86a4fc6606489bb818f124d16c572d54b542ee5947193218435cbe9d2fb37511e9c0666b2fe49ed6636e5b3e5f6c4c07b10930c2802c75d3569686c
Static task
static1
Behavioral task
behavioral1
Sample
07da9675d3bc10b24556f52d6367cd6ececa1a82c3b9ba4e32c8b98c38f7d792.exe
Resource
win7-20220414-en
Malware Config
Extracted
danabot
1765
3
192.3.26.107:443
193.34.167.88:443
134.119.186.216:443
192.210.198.12:443
-
embedded_hash
A3CC9056F97D33ED99C3617A0B08AA79
-
type
main
Targets
-
suricata: ET MALWARE Danabot Key Exchange Request
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-