General
Target: 6sqtt_07072022_103144.vbs
Size: 8KB
Sample: 220709-hgb2fscecm
MD5: 6ebff0e37948aa39e62905c59795ab31
SHA1: 985d46dce1d208445d3e54be9ce8a6d2e7843823
SHA256: 039d264f6276dcbde5ddcc40808ccc215a914cbd0bbcc67e317d9cb92d7b9020
SHA512: fe4440f7824017317b74974b318a58251ed6756049cfd05de9dda5d9b379ba6dd637e59fee3ca996712ae3442cdd54fd190cf208ad20d92a4c5a67111b7d78e6
Static task: static1
Behavioral task: behavioral1
Sample: 6sqtt_07072022_103144.vbs
Resource: win7-20220414-en
Malware Config
Extracted
danabot
100.0.0.0:5148
58.50.42.34:13886
26.18.10.2:5662
60.52.44.36:14400
embedded_hash: zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
type: loader
Targets
Target: 6sqtt_07072022_103144.vbs
Blocklisted process makes network request
Downloads MZ/PE file
Loads dropped DLL
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext