General
Target: a2676038aeee24af09b0464a1244f34f95dcf2cb4cb883753ef66a0e9213e47a
Size: 4.4MB
Sample: 220630-yc6m9scad8
MD5: 364526dd099a238f2351e994be7a912c
SHA1: d8f39848296c18372421bba022bd62a688adcd0c
SHA256: a2676038aeee24af09b0464a1244f34f95dcf2cb4cb883753ef66a0e9213e47a
SHA512: 67ab390b2635c36f180659401f4877bc72600bc27b53c46b06ca9f08eb82e5a3449069a9c6463e43d7803e3741ce86569c97c822f018405b54599981286512ed
Static task: static1
Behavioral task: behavioral1
Sample: a2676038aeee24af09b0464a1244f34f95dcf2cb4cb883753ef66a0e9213e47a.exe
Resource: win7-20220414-en
Malware Config
Extracted
danabot
1732
3
23.226.132.92:443
108.62.141.152:443
192.241.101.68:443
23.106.123.249:443
embedded_hash: 49574F66CD0103BBD725C08A9805C2BE
type: main
Targets
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-