General
Target: 31d9f83f9def70ebaf0cd93f048be889dc91c8e0435975ff2fabef05ba9d38ca
Size: 4.9MB
Sample: 220620-v8sjqsgedl
MD5: 0f5b10a001ade64daf39500659649cdb
SHA1: 61f2cf003225cb5b38dd37ce65bb4ddf30bc62d0
SHA256: 31d9f83f9def70ebaf0cd93f048be889dc91c8e0435975ff2fabef05ba9d38ca
SHA512: 5f364726cf32cef37fe17c1d977f0669d5fd8a8753e7d11fbd48c000ac4cf35ce19d15d5684c5053f6d153599f8f7d62100f01e0a23edbf5cee84c9f2e5902f8
Static task: static1
Behavioral task: behavioral1
Sample: 31d9f83f9def70ebaf0cd93f048be889dc91c8e0435975ff2fabef05ba9d38ca.exe
Resource: win7-20220414-en
Malware Config
Extracted
danabot
1732
3
108.62.118.103:443
108.62.141.152:443
104.144.64.163:443
23.226.132.92:443
embedded_hash: 49574F66CD0103BBD725C08A9805C2BE
type: main
Targets
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-