General
-
Target
46947cd767a758a93ea70820b806483cb86550f86d961705719b386d436e50ef
-
Size
5.9MB
-
Sample
220707-j8xmxagehm
-
MD5
8ec9015238e53a37552979a18c514ccf
-
SHA1
235aead47f8dea471ef92bcb1ef6710399465566
-
SHA256
46947cd767a758a93ea70820b806483cb86550f86d961705719b386d436e50ef
-
SHA512
809eb9a5367b530b4f47889535e14a8fd9e8a9e1c9bc719f914da387243cccf533a76e3b471633b3583cc491d199d4311c3c4f8cc627342a33537edfc010a271
Static task
static1
Behavioral task
behavioral1
Sample
46947cd767a758a93ea70820b806483cb86550f86d961705719b386d436e50ef.exe
Resource
win7-20220414-en
Malware Config
Extracted
danabot
1827
3
193.34.167.88:443
192.210.198.12:443
23.81.246.201:443
192.3.26.107:443
-
embedded_hash
AEF96B4D339B580ABB737F203C2D0F52
-
type
main
Targets
-
-
Target
46947cd767a758a93ea70820b806483cb86550f86d961705719b386d436e50ef
-
suricata: ET MALWARE Danabot Key Exchange Request
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-