General
Target: 172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d
Size: 1.0MB
Sample: 220627-e6lqeahacj
MD5: eae5ee3121523c718094873f56b64bce
SHA1: adbc2b251f69f04086e4cf6af74544bcd025d5de
SHA256: 172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d
SHA512: f27a60a5d3563a3c04ee2114cdf4526be5511acb9f81b0030024a30f3c81e75765844cd3047813050f4c56d8859ec6006a11a0c13c5091aa7a34d501d48f4e95
Static task: static1
Behavioral task: behavioral1
Sample: 172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe
Resource: win7-20220414-en
Malware Config
Extracted
danabot
100.0.0.0:5148
58.50.42.34:13886
26.18.10.2:5662
60.52.44.36:14400
embedded_hash: zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
type: loader
Extracted
danabot
155782649
148.9.73.9:2377
73.9.73.9:2377
73.9.73.9:2450
type: loader
Targets
Target: 172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d
Blocklisted process makes network request
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext