General
-
Target
172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d
-
Size
1.0MB
-
Sample
220627-jz34bsbff9
-
MD5
eae5ee3121523c718094873f56b64bce
-
SHA1
adbc2b251f69f04086e4cf6af74544bcd025d5de
-
SHA256
172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d
-
SHA512
f27a60a5d3563a3c04ee2114cdf4526be5511acb9f81b0030024a30f3c81e75765844cd3047813050f4c56d8859ec6006a11a0c13c5091aa7a34d501d48f4e95
Static task
static1
Behavioral task
behavioral1
Sample
172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
danabot
100.0.0.0:5148
58.50.42.34:13886
26.18.10.2:5662
60.52.44.36:14400
-
embedded_hash
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
-
type
loader
Extracted
danabot
4256732557
232.119.65.131:35328
255.141.133.128:336
254.255.255.139:36097
21.216.173.203:65534
-
type
loader
Targets
-
Blocklisted process makes network request
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-