General
-
Target
0eb8f8d02e436aee319f2e02d80b65807629656efe9df2983d3e15dd89e60c1d
-
Size
2.3MB
-
Sample
220604-wkfqpshha6
-
MD5
ed5f4c85e773248892bd2e6a63378e00
-
SHA1
a24081c9340205ebe989114173a5a827bae9d6ac
-
SHA256
0eb8f8d02e436aee319f2e02d80b65807629656efe9df2983d3e15dd89e60c1d
-
SHA512
f29f0885041af2fe6dacd7accb8fa0563ccb7c1ab4c6a6bb123e1758db639c8cc5ed279508b1c8d8c1529a78dc1189cd27380bd52fafad46911e09c177e2b5ad
Static task
static1
Behavioral task
behavioral1
Sample
0eb8f8d02e436aee319f2e02d80b65807629656efe9df2983d3e15dd89e60c1d.exe
Resource
win7-20220414-en
Malware Config
Extracted
danabot
238.224.65.50
144.163.86.55
189.71.163.127
25.86.20.188
41.94.90.44
195.123.220.45
88.68.171.120
126.34.235.52
165.66.47.117
195.123.246.209
Targets
-
-
Target
0eb8f8d02e436aee319f2e02d80b65807629656efe9df2983d3e15dd89e60c1d
-
Size
2.3MB
-
MD5
ed5f4c85e773248892bd2e6a63378e00
-
SHA1
a24081c9340205ebe989114173a5a827bae9d6ac
-
SHA256
0eb8f8d02e436aee319f2e02d80b65807629656efe9df2983d3e15dd89e60c1d
-
SHA512
f29f0885041af2fe6dacd7accb8fa0563ccb7c1ab4c6a6bb123e1758db639c8cc5ed279508b1c8d8c1529a78dc1189cd27380bd52fafad46911e09c177e2b5ad
-
Danabot x86 payload
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-