General
-
Target
00ffc90fe64f11be4ad0f101dad20fc5fb4b649aac23ed2e412f08a2c84666f7
-
Size
4.4MB
-
Sample
220708-h1ftraggb4
-
MD5
cf2a23761ab9a798816b513be21499e3
-
SHA1
1cf5eef658b1634260790f1136595824b32503bd
-
SHA256
00ffc90fe64f11be4ad0f101dad20fc5fb4b649aac23ed2e412f08a2c84666f7
-
SHA512
e40df6ab6e7eb47cbef2420ba25f54ea263e7fae143badbd829fcbe65907232cc94b1b23549af6f85efb290d049dd67c71b521af30e15883e9abfc84dfec33de
Static task
static1
Behavioral task
behavioral1
Sample
00ffc90fe64f11be4ad0f101dad20fc5fb4b649aac23ed2e412f08a2c84666f7.exe
Resource
win7-20220414-en
Malware Config
Extracted
danabot
1732
3
104.144.64.163:443
108.62.141.152:443
108.62.118.103:443
192.241.101.68:443
-
embedded_hash
49574F66CD0103BBD725C08A9805C2BE
-
type
main
Targets
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-