General
-
Target
10a2538524ffb136914ef0de4e7d085e8dbf752129edb0f005edc3ac03bd59e9
-
Size
195KB
-
Sample
220604-nwdrgsdhf6
-
MD5
99e39d24a1a7f42a0a93649d68f2c927
-
SHA1
93a9ee4c1541b37318a1b514062be276e5879f96
-
SHA256
10a2538524ffb136914ef0de4e7d085e8dbf752129edb0f005edc3ac03bd59e9
-
SHA512
c5571d1c35e76031161b5c9d1970d62cac7d6e1b87b65c161a3eca99b75bf3006273cde2587ee5f9a0b1728d059be9e59cfdbee00e0d78c4f6899e08c93c0d82
Static task
static1
Behavioral task
behavioral1
Sample
01001992_92992.js
Resource
win7-20220414-en
Malware Config
Extracted
danabot
Targets
-
-
Target
01001992_92992.js
-
Size
1.0MB
-
MD5
d115552252592f589e7412d6650a949e
-
SHA1
ad4c6cd7e85541866f5cd0fa747b7f08a5fe8067
-
SHA256
3b55010b7f8f4e7ded435b29af5d00f98c06dd8f14258355d0049f186f4a6bbc
-
SHA512
461aebb7a488102e3de0c9b807dbf8d04a41737d050dc4ca95bbf8283ee5176845adafee6bf81db83a73af2b67e66f45adaad6a145062ae035208cee71adfa71
-
Danabot x86 payload
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-