General
Target: 25e099168e325ae56bd1885e295d661bc8ce86b7e427b7f5ba65c47407ef4126
Size: 195KB
Sample: 220611-wawzyaece4
MD5: cf9c7ea658e9d25190ca8332dcd5513e
SHA1: fb33788c758b2821192046a4a841f77612840939
SHA256: 25e099168e325ae56bd1885e295d661bc8ce86b7e427b7f5ba65c47407ef4126
SHA512: 92ceff373710c51dd519ed44dc10a13cd6fa964094963c38a3ca93024d548118aee03d6815fd78ff997732b5914c7fb45e15999872fbd8637823836fafd87a62

Static task: static1
Behavioral task: behavioral1
Sample: 001'_202003_001'.js
Resource: win7-20220414-en
Malware Config
Extracted
danabot
Targets
Target: 001'_202003_001'.js
Size: 1.0MB
MD5: d115552252592f589e7412d6650a949e
SHA1: ad4c6cd7e85541866f5cd0fa747b7f08a5fe8067
SHA256: 3b55010b7f8f4e7ded435b29af5d00f98c06dd8f14258355d0049f186f4a6bbc
SHA512: 461aebb7a488102e3de0c9b807dbf8d04a41737d050dc4ca95bbf8283ee5176845adafee6bf81db83a73af2b67e66f45adaad6a145062ae035208cee71adfa71

Danabot x86 payload
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

Blocklisted process makes network request

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Loads dropped DLL