General
-
Target
3f93657bc7af36dbba53d87baf8ec9c2126fdf1d896ff90b8504ebc2a532aa06
-
Size
5.9MB
-
Sample
220701-adjywsddfl
-
MD5
1a936161249cbe295daaa2affaff158e
-
SHA1
a2f6df81c77867f2399e6b7727c7b22a0ebadbab
-
SHA256
3f93657bc7af36dbba53d87baf8ec9c2126fdf1d896ff90b8504ebc2a532aa06
-
SHA512
959484f87d1b6864379d5f6faa26e7202137449f275e2824d0095ff823ad8ba2ef957c1c82781e45cfda4c35104b9a573da5690473267fafb4c3bcf9daa4986a
Static task
static1
Behavioral task
behavioral1
Sample
3f93657bc7af36dbba53d87baf8ec9c2126fdf1d896ff90b8504ebc2a532aa06.exe
Resource
win7-20220414-en
Malware Config
Extracted
danabot
1827
3
23.81.246.201:443
23.254.225.170:443
134.119.186.216:443
23.106.123.185:443
-
embedded_hash
AEF96B4D339B580ABB737F203C2D0F52
-
type
main
Targets
Target
3f93657bc7af36dbba53d87baf8ec9c2126fdf1d896ff90b8504ebc2a532aa06
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)