General
-
Target
47a76fcca7a16b5df3247af6445add83cf50cfe12fffa53bfba37e2079d5a7d7
-
Size
2.1MB
-
Sample
220714-gn8tbsghcj
-
MD5
dab55f2f947137768b146dd7b1ad14b0
-
SHA1
6105e216ea30f15ed9378ea8a5a229166f7c9685
-
SHA256
47a76fcca7a16b5df3247af6445add83cf50cfe12fffa53bfba37e2079d5a7d7
-
SHA512
c2f1592cbdd1ea4c7dd816db258d09ec2ca2e542e40a988e257863731e08a7b1defbcd3b054fb666afa00bfa6f62e0c5c8405fc25f841095a0932ef0f28bbc6a
Static task
static1
Behavioral task
behavioral1
Sample
CRA_INV_2019_971532009702/CRA_INV_2019_971532009702.vbs
Resource
win7-20220414-en
Malware Config
Extracted
danabot
Targets
-
-
Target
CRA_INV_2019_971532009702/CRA_INV_2019_971532009702.vbs
-
Size
22.6MB
-
MD5
5d970965b78013545a9c0d32eb10ee61
-
SHA1
29c055edc3c0de81add7741034f2aa8f038bc638
-
SHA256
50b32f4330ee0822a8010830064aaae8d58a32e556cf77e4dcb624e640ec2234
-
SHA512
a4a344f279c156edc1ed6d5c072962006ab84781f9ed5e3b718d94559c3fb6b6dcdf429020a1458528edd957334c718c7fe641117b5f50fad4a2d18ec5b723a5
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-