General
-
Target
1786eeaf18edf62b9e6f500924f673494bba309f29d092a86cb57db5e9e6e5e5
-
Size
2.1MB
-
Sample
220608-zfwg5sgcgj
-
MD5
07e5651d1ad59245b06802ae3d1cce59
-
SHA1
80a5d6fb874ad72f2353affa4c805d87588ddeb3
-
SHA256
1786eeaf18edf62b9e6f500924f673494bba309f29d092a86cb57db5e9e6e5e5
-
SHA512
39429c2b5f39dab9afb4a1f6ca4032b6f14a192dc89ea8717b5739676377e99449a2b49e6702d100d12a0a5d36967f04cd70bc14e5fdb27fd9c6160c87e4cbd5
Static task
static1
Behavioral task
behavioral1
Sample
CRA_INV_2019_355240142932/CRA_INV_2019_355240142932.vbs
Resource
win7-20220414-en
Malware Config
Extracted
danabot
181.63.44.194
207.148.83.108
45.77.40.71
87.115.138.169
24.229.48.7
116.111.206.27
45.196.143.203
218.65.3.199
131.59.110.186
113.81.97.96
Targets
-
-
Target
CRA_INV_2019_355240142932/CRA_INV_2019_355240142932.vbs
-
Size
24.3MB
-
MD5
350e751bb68ade139e174d65008eebe0
-
SHA1
f235f388686573edd1475f337c9b5b34afd4b9e1
-
SHA256
d39e3c62fb0b70846240f3d73a3885d5024eebcc9e61fa77f5ebbb450fbf7620
-
SHA512
3b34c36fd8e2e9b83150cfe652bc34c615b0017174f35d4ba2513d63b73aa51ae75c928f7e6307bd29d9adeb3222cb6ba8f19c0feeab53d2cf2f66ca43394f47
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-