General
Target: 431c61d89f2c7e8e281b64fb2064dbab5ebdf40b0a556887544a02beb28e827d
Size: 195KB
Sample: 220707-3yqamabcd2
MD5: fb1fd78778879ee7bc17d238d3ebb87f
SHA1: 11b2b7a57db603718334d6242f50f39296b0e5b2
SHA256: 431c61d89f2c7e8e281b64fb2064dbab5ebdf40b0a556887544a02beb28e827d
SHA512: 10466cacdff2d07756f4c723d3044f120c0e8a6c4b0b5994f697698ca67092a73cbfb25be6351f76efa35a46bec99282b8b9ffbd25728083e8904ec6e3cd8fd9
Static task: static1
Behavioral task: behavioral1
Sample: 0010299_01001.js
Resource: win7-20220414-en
Malware Config
Extracted: danabot
Targets
Target: 0010299_01001.js
Size: 1.0MB
MD5: d115552252592f589e7412d6650a949e
SHA1: ad4c6cd7e85541866f5cd0fa747b7f08a5fe8067
SHA256: 3b55010b7f8f4e7ded435b29af5d00f98c06dd8f14258355d0049f186f4a6bbc
SHA512: 461aebb7a488102e3de0c9b807dbf8d04a41737d050dc4ca95bbf8283ee5176845adafee6bf81db83a73af2b67e66f45adaad6a145062ae035208cee71adfa71
Danabot x86 payload: Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL