General
-
Target
284eb686af9cb14c8176f47708136a9643af1b5c5102b61737735c6a04bef4fc
-
Size
1.0MB
-
Sample
220627-jqjy4abfc6
-
MD5
ba55442cdf361e070f7ca8a07046cd38
-
SHA1
e61d143672c9bad99472aa885003a20574eddf32
-
SHA256
284eb686af9cb14c8176f47708136a9643af1b5c5102b61737735c6a04bef4fc
-
SHA512
a6e1669bf9a159d3d36aa24e7210854667c144f0f34c7d38fb6c2848d1687964c7d48d7760f99898eb4eb8d8eebf1be595890e80273c7d4326069c2a9d13feff
Static task
static1
Behavioral task
behavioral1
Sample
284eb686af9cb14c8176f47708136a9643af1b5c5102b61737735c6a04bef4fc.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
284eb686af9cb14c8176f47708136a9643af1b5c5102b61737735c6a04bef4fc.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
danabot
100.0.0.0:5148
58.50.42.34:13886
26.18.10.2:5662
60.52.44.36:14400
-
embedded_hash
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
-
type
loader
Extracted
danabot
3829762824
0.0.233.180:63873
0.0.0.235:0
115.139.85.12:17803
51.201.138.10:3141
-
embedded_hash
s�t�e�m�.�I�d�e�n�t�i�t�y�M�o�d�
-
type
loader
Targets
-
Blocklisted process makes network request
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-