General
-
Target
46478b9d9f1a0eddae3c3c94738b505c7d45aed0ed19051b6883186c77259f2a
-
Size
2.1MB
-
Sample
220707-k8dqgacfa7
-
MD5
0b072c181052f04bedcb5080842f3766
-
SHA1
d9e57acf3c5343b4fdd6b9b1277e0474e5c3a83c
-
SHA256
46478b9d9f1a0eddae3c3c94738b505c7d45aed0ed19051b6883186c77259f2a
-
SHA512
9ce1af9395ae5192b320e7664088cf7bc08eb2e289e1febc2552650c432f847ce087c50a360c8be5658d2ae3acef2207d4a5ed2a37c5ce70c1f22258bbd57a93
Static task
static1
Behavioral task
behavioral1
Sample
CRA_INV_2019_148625782140/CRA_INV_2019_148625782140.vbs
Resource
win7-20220414-en
Malware Config
Extracted
danabot
181.63.44.194
207.148.83.108
45.77.40.71
87.115.138.169
24.229.48.7
116.111.206.27
45.196.143.203
218.65.3.199
131.59.110.186
113.81.97.96
Targets
-
-
Target
CRA_INV_2019_148625782140/CRA_INV_2019_148625782140.vbs
-
Size
23.7MB
-
MD5
611c2bf7aa7bb62e90f3a92f3682c0b5
-
SHA1
4a863046a56c0582ac43acabd7f465c725392799
-
SHA256
f74001bcf33072d683af2fcd20b1e0f1902b86a33898b37df1f364c31136a4ee
-
SHA512
24adbc4cf7ebed6ac6f5a9a08396d41af15f1d6586890d43be40dd6220f746bcd8ebf2d6bee4a8632a406842e8ece0afff4dfde2e58aabedd19ea15ee3984c60
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-