General
-
Target
68EE7EE7983F90BCBAE20FB9EA3A46DD25BED22A89F8B.exe
-
Size
3.9MB
-
Sample
220625-vtn8rsfcd6
-
MD5
62b0fc496f6adea7a67a190ad894860e
-
SHA1
de684df44e9cb64985ecdb18a2f6dd99c87b0862
-
SHA256
68ee7ee7983f90bcbae20fb9ea3a46dd25bed22a89f8b21515a3460bbd8cb78e
-
SHA512
48a4b01a5b559326b8fa51a074373e4b24511f51ca54a08ec5331ec8376249b77966dee698ed9ddd453e2062e586c0ec02be48bd13b1819583a3984c1645de0e
Static task
static1
Behavioral task
behavioral1
Sample
68EE7EE7983F90BCBAE20FB9EA3A46DD25BED22A89F8B.exe
Resource
win7-20220414-en
Malware Config
Extracted
danabot
1755
3
192.236.192.241:443
134.119.186.199:443
193.34.167.163:443
192.236.192.238:443
-
embedded_hash
82C66843DE542BC5CB88F713DE39B52B
-
type
main
Targets
-
-
Target
68EE7EE7983F90BCBAE20FB9EA3A46DD25BED22A89F8B.exe
-
suricata: ET MALWARE Danabot Key Exchange Request
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-