General
-
Target
35379405458f08be8afec4ffd8dda80be6234a9c636fc067b86c9ae49a13f117
-
Size
2.1MB
-
Sample
220619-w3s4raahd3
-
MD5
1d6f0d35867605b8bdcc35ac82ab5583
-
SHA1
1a884c19b7f9111a0bf1a63410b67fce3f6a0c1b
-
SHA256
35379405458f08be8afec4ffd8dda80be6234a9c636fc067b86c9ae49a13f117
-
SHA512
7aa99fc795e54705ca9a06e662a97457884c19dbd778e585e7ba18fbf0f1ba29fd163e2cf23188e743ca07358454585088bd794f1976212c853835e134b5d1b1
Static task
static1
Behavioral task
behavioral1
Sample
CRA_INV_2019_365321426273/CRA_INV_2019_365321426273.vbs
Resource
win7-20220414-en
Malware Config
Extracted
danabot
Targets
-
-
Target
CRA_INV_2019_365321426273/CRA_INV_2019_365321426273.vbs
-
Size
23.7MB
-
MD5
611c2bf7aa7bb62e90f3a92f3682c0b5
-
SHA1
4a863046a56c0582ac43acabd7f465c725392799
-
SHA256
f74001bcf33072d683af2fcd20b1e0f1902b86a33898b37df1f364c31136a4ee
-
SHA512
24adbc4cf7ebed6ac6f5a9a08396d41af15f1d6586890d43be40dd6220f746bcd8ebf2d6bee4a8632a406842e8ece0afff4dfde2e58aabedd19ea15ee3984c60
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-