General
-
Target
0e7a6f68a24dab058792a0f8e5bdd2f7b62fb3caf112e3742c25f204a688594b
-
Size
2.1MB
-
Sample
220604-xgpd4sfeem
-
MD5
6c9d00bdd813e7288bb83030e6ec37c5
-
SHA1
cdd64358fcd7d823282465ce63b8b64ece82a139
-
SHA256
0e7a6f68a24dab058792a0f8e5bdd2f7b62fb3caf112e3742c25f204a688594b
-
SHA512
ec3a0fb51154fcad1384f7a868de29962f753caaab3e9a1a8d4c3bb8c2ed2fa02989f06e17c1a9f71e787af6e39fa2e1bda272456723f52271c5b6aed8e537d4
Static task
static1
Behavioral task
behavioral1
Sample
CRA_INV_2019_568865666921/CRA_INV_2019_568865666921.vbs
Resource
win7-20220414-en
Malware Config
Extracted
danabot
181.63.44.194
207.148.83.108
45.77.40.71
87.115.138.169
24.229.48.7
116.111.206.27
45.196.143.203
218.65.3.199
131.59.110.186
113.81.97.96
Targets
-
-
Target
CRA_INV_2019_568865666921/CRA_INV_2019_568865666921.vbs
-
Size
22.6MB
-
MD5
5d970965b78013545a9c0d32eb10ee61
-
SHA1
29c055edc3c0de81add7741034f2aa8f038bc638
-
SHA256
50b32f4330ee0822a8010830064aaae8d58a32e556cf77e4dcb624e640ec2234
-
SHA512
a4a344f279c156edc1ed6d5c072962006ab84781f9ed5e3b718d94559c3fb6b6dcdf429020a1458528edd957334c718c7fe641117b5f50fad4a2d18ec5b723a5
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-