General
-
Target
490023fafc0631851361ebcdd71be6e81579613114b5befec4b5c2bb60704ff9
-
Size
2.1MB
-
Sample
220714-bkjgdafber
-
MD5
8199ade1144dad826ef6921bb2500667
-
SHA1
70c322b6c4d3853807520ae9137c34022cb5d0d7
-
SHA256
490023fafc0631851361ebcdd71be6e81579613114b5befec4b5c2bb60704ff9
-
SHA512
c3dbabf46a80e06462aa78a53f20d0b9e081b4c1891534290ba3de735b87cea58e6c920fd4a27f64bb40aa3eeb4f709a2dab1b8746aa63f592e8ad7e6edfb087
Static task
static1
Behavioral task
behavioral1
Sample
CRA_INV_2019_809994565654/CRA_INV_2019_809994565654.vbs
Resource
win7-20220414-en
Malware Config
Extracted
danabot
Targets
-
Target
CRA_INV_2019_809994565654/CRA_INV_2019_809994565654.vbs
-
Size
24.2MB
-
MD5
3818ef620d826c62136f450c32429ae5
-
SHA1
1297b772ec42586ce1c6db624e8948cbe265710d
-
SHA256
38c668144becb1199196394ad78df6694c86597a283aea61bd036dc1da2eef62
-
SHA512
9789441d9a76f62213ce9889422241c6732ec21ab4ddfff4b596136d327d393c03f8c2f0973b07fd88c7d21c1149d1418d3c153b6b802562ad4b9035ebe78c00
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-