General
-
Target
5F680F21F56A020F344352AEFB59D2598ECB111DCA0F7.dll
-
Size
5.7MB
-
Sample
220626-wfp4ksbggk
-
MD5
05f54992e803dd5ade0c004478ee12f1
-
SHA1
52a564662ff52be4509590fb44ef9fcdf8101fdb
-
SHA256
5f680f21f56a020f344352aefb59d2598ecb111dca0f7573cd1ab8000a14f11e
-
SHA512
1468845fe6448dacc66f8bcc1a91412d3ea388259860588becbc9947faee92366adc28924128f01df453f3133b9527e10d2bf9427a850802ebec4aec4432f18f
Static task
static1
Behavioral task
behavioral1
Sample
5F680F21F56A020F344352AEFB59D2598ECB111DCA0F7.dll
Resource
win7-20220414-en
Malware Config
Extracted
danabot
1765
3
192.236.146.203:443
192.161.48.5:443
192.236.162.42:443
192.3.26.98:443
-
embedded_hash
B2585F6479280F48B64C99F950BBF36D
-
type
main
Targets
-
-
suricata: ET MALWARE Danabot Key Exchange Request
-
Blocklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-