danabot | 172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d

General

Target

172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe
Size

1.0MB
MD5

eae5ee3121523c718094873f56b64bce
SHA1

adbc2b251f69f04086e4cf6af74544bcd025d5de
SHA256

172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d
SHA512

f27a60a5d3563a3c04ee2114cdf4526be5511acb9f81b0030024a30f3c81e75765844cd3047813050f4c56d8859ec6006a11a0c13c5091aa7a34d501d48f4e95

Score

10^/10

danabot 4256732557 banker collection discovery spyware stealer trojan

Malware Config

Extracted

Family

danabot

C2

100.0.0.0:5148

58.50.42.34:13886

26.18.10.2:5662

60.52.44.36:14400

Attributes

embedded_hash
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
type
loader

Extracted

Family

danabot

Botnet

4256732557

C2

232.119.65.131:35328

255.141.133.128:336

254.255.255.139:36097

21.216.173.203:65534

Attributes

embedded_hash
��\��\��\��~B�E
type
loader

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot
Blocklisted process makes network request 3 IoCs

Processes:

rundll32.exe

flow pid process

9 4116 rundll32.exe
11 4116 rundll32.exe
12 4116 rundll32.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

flow	pid	process
9	4116	rundll32.exe
11	4116	rundll32.exe
12	4116	rundll32.exe

Accesses Microsoft Outlook accounts 1 TTPs 1 IoCs

collection

Email Collection

T1114

Processes:

rundll32.exe

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts	rundll32.exe

Accesses Microsoft Outlook profiles 1 TTPs 4 IoCs

collection

Email Collection

T1114

Processes:

rundll32.exe

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	rundll32.exe
Key opened	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	rundll32.exe
Key opened	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	rundll32.exe
Key opened	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	rundll32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of SetThreadContext 1 IoCs

Processes:

172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe

description	pid	process	target process
PID 4344 set thread context of 5060	4344	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 4 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
1584	4344	WerFault.exe	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe
5112	4344	WerFault.exe	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe
2568	4344	WerFault.exe	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe
3696	4344	WerFault.exe	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe

Checks processor information in registry 2 TTPs 37 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

rundll32.exe172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe

description	ioc	process
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	rundll32.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier	rundll32.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Status	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Configuration Data	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Platform Specific Field 1	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	rundll32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Update Status	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Update Status	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Previous Update Revision	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Component Information	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1	rundll32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	rundll32.exe

Modifies registry class 1 IoCs

Processes:

rundll32.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\Local Settings rundll32.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

rundll32.exe

pid process

5060 rundll32.exe
5060 rundll32.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

rundll32.exe

description pid process

Token: SeDebugPrivilege 5060 rundll32.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

rundll32.exe

pid process

5060 rundll32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\Local Settings	rundll32.exe

pid	process
5060	rundll32.exe
5060	rundll32.exe

description	pid	process
Token: SeDebugPrivilege	5060	rundll32.exe

pid	process
5060	rundll32.exe

Suspicious use of WriteProcessMemory 23 IoCs

Processes:

172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe

description	pid	process	target process
PID 4344 wrote to memory of 4116	4344	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe	rundll32.exe
PID 4344 wrote to memory of 4116	4344	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe	rundll32.exe
PID 4344 wrote to memory of 4116	4344	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe	rundll32.exe
PID 4344 wrote to memory of 4116	4344	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe	rundll32.exe
PID 4344 wrote to memory of 4116	4344	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe	rundll32.exe
PID 4344 wrote to memory of 4116	4344	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe	rundll32.exe
PID 4344 wrote to memory of 4116	4344	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe	rundll32.exe
PID 4344 wrote to memory of 4116	4344	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe	rundll32.exe
PID 4344 wrote to memory of 4116	4344	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe	rundll32.exe
PID 4344 wrote to memory of 4116	4344	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe	rundll32.exe
PID 4344 wrote to memory of 4116	4344	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe	rundll32.exe
PID 4344 wrote to memory of 4116	4344	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe	rundll32.exe
PID 4344 wrote to memory of 4116	4344	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe	rundll32.exe
PID 4344 wrote to memory of 4116	4344	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe	rundll32.exe
PID 4344 wrote to memory of 4116	4344	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe	rundll32.exe
PID 4344 wrote to memory of 4116	4344	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe	rundll32.exe
PID 4344 wrote to memory of 4116	4344	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe	rundll32.exe
PID 4344 wrote to memory of 4116	4344	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe	rundll32.exe
PID 4344 wrote to memory of 4116	4344	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe	rundll32.exe
PID 4344 wrote to memory of 5060	4344	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe	rundll32.exe
PID 4344 wrote to memory of 5060	4344	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe	rundll32.exe
PID 4344 wrote to memory of 5060	4344	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe	rundll32.exe
PID 4344 wrote to memory of 5060	4344	172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe	rundll32.exe

outlook_office_path 1 IoCs

Processes:

rundll32.exe

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	rundll32.exe

outlook_win_path 1 IoCs

Processes:

rundll32.exe

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	rundll32.exe

C:\Users\Admin\AppData\Local\Temp\172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe
"C:\Users\Admin\AppData\Local\Temp\172b33e43cbb3ad6705549f5b3af1025e5632ca47d735ec9eb038e169b8e651d.exe"
1⤵
- Suspicious use of SetThreadContext
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:4344

C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
2⤵
- Blocklisted process makes network request
PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 612
2⤵
- Program crash
PID:1584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 924
2⤵
- Program crash
PID:5112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 932
2⤵
- Program crash
PID:2568

C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
2⤵
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- outlook_office_path
- outlook_win_path
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 1040
2⤵
- Program crash
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4344 -ip 4344
1⤵
PID:332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4344 -ip 4344
1⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4344 -ip 4344
1⤵
PID:2308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4344 -ip 4344
1⤵
PID:4776

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Email Collection

2

T1114

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Ouuorspuqqpf.tmp
Filesize
3.1MB

MD5
89704d53dd9ad75a12c7e8c75f98c78e

SHA1
4515d539f7813726592c940386c5553185ea18b0

SHA256
9a9aced19fc12d0d7542d37f4429196318d1a85c7843b6f6704c3a318f80319b

SHA512
7a1a446e21dbcaf73371e234721dcdf21e485744d1814d74702de14a9c758b874a2cb166a20230df2604271bf3121b00498df7d85641c02dd81bc14335b3b75e

Download Submit
memory/4116-135-0x0000000000000000-mapping.dmp

Download
memory/4344-142-0x0000000003C80000-0x0000000003DC0000-memory.dmp

Filesize
1.2MB

Download
memory/4344-136-0x0000000000400000-0x0000000000728000-memory.dmp

Filesize
3.2MB

Download
memory/4344-145-0x0000000003C80000-0x0000000003DC0000-memory.dmp

Filesize
1.2MB

Download
memory/4344-132-0x0000000000400000-0x0000000000728000-memory.dmp

Filesize
3.2MB

Download
memory/4344-146-0x0000000003C80000-0x0000000003DC0000-memory.dmp

Filesize
1.2MB

Download
memory/4344-131-0x00000000026F0000-0x0000000002920000-memory.dmp

Filesize
2.2MB

Download
memory/4344-138-0x0000000003110000-0x0000000003B6A000-memory.dmp

Filesize
10.4MB

Download
memory/4344-143-0x0000000003C80000-0x0000000003DC0000-memory.dmp

Filesize
1.2MB

Download
memory/4344-141-0x0000000003C80000-0x0000000003DC0000-memory.dmp

Filesize
1.2MB

Download
memory/4344-140-0x0000000003110000-0x0000000003B6A000-memory.dmp

Filesize
10.4MB

Download
memory/4344-130-0x000000000246F000-0x0000000002551000-memory.dmp

Filesize
904KB

Download
memory/4344-144-0x0000000003C80000-0x0000000003DC0000-memory.dmp

Filesize
1.2MB

Download
memory/4344-134-0x0000000000400000-0x0000000000728000-memory.dmp

Filesize
3.2MB

Download
memory/4344-133-0x0000000000400000-0x0000000000728000-memory.dmp

Filesize
3.2MB

Download
memory/4344-139-0x0000000003110000-0x0000000003B6A000-memory.dmp

Filesize
10.4MB

Download
memory/4344-147-0x0000000003C80000-0x0000000003DC0000-memory.dmp

Filesize
1.2MB

Download
memory/4344-148-0x0000000003C80000-0x0000000003DC0000-memory.dmp

Filesize
1.2MB

Download
memory/4344-156-0x0000000003110000-0x0000000003B6A000-memory.dmp

Filesize
10.4MB

Download
memory/5060-150-0x00000000029A0000-0x00000000033FA000-memory.dmp

Filesize
10.4MB

Download
memory/5060-152-0x00000000034C0000-0x0000000003600000-memory.dmp

Filesize
1.2MB

Download
memory/5060-151-0x00000000034C0000-0x0000000003600000-memory.dmp

Filesize
1.2MB

Download
memory/5060-153-0x00000000004C0000-0x0000000000DFB000-memory.dmp

Filesize
9.2MB

Download
memory/5060-154-0x00000000029A0000-0x00000000033FA000-memory.dmp

Filesize
10.4MB

Download
memory/5060-155-0x00000000029A0000-0x00000000033FA000-memory.dmp

Filesize
10.4MB

Download
memory/5060-149-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads