General
-
Target
3636bb4d7a81b707d75b8bae453b36392e899e04b03c31d6f472d9ba087be90a
-
Size
5.9MB
-
Sample
220626-dslmtaghc4
-
MD5
0345d4c916d2c9616725311f373a076d
-
SHA1
c89e3b9fb34f2a01883fa89b2fa9cc251a369cca
-
SHA256
3636bb4d7a81b707d75b8bae453b36392e899e04b03c31d6f472d9ba087be90a
-
SHA512
3ac77c8503a8128e434117b124809df04317fad58ecd91170a27cf69fa126f955eb9a93977eef0c00a3d1909e6c5f547a687ae8d36af0b3023a5304414902db3
Static task
static1
Behavioral task
behavioral1
Sample
3636bb4d7a81b707d75b8bae453b36392e899e04b03c31d6f472d9ba087be90a.exe
Resource
win7-20220414-en
Malware Config
Extracted
danabot
1827
3
192.3.26.107:443
193.34.167.88:443
134.119.186.216:443
192.210.198.12:443
-
embedded_hash
AEF96B4D339B580ABB737F203C2D0F52
-
type
main
Targets
-
-
Target
3636bb4d7a81b707d75b8bae453b36392e899e04b03c31d6f472d9ba087be90a
-
suricata: ET MALWARE Danabot Key Exchange Request
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-