General
Target: 666549b44bcf96cc21b775d2a3cab6b63bce576de00536fba7a7fc3baa3654ce
Size: 2.5MB
Sample: 220727-2w9e2sadel
MD5: 7a93f9260a7c7a750d6b922a98285952
SHA1: 750321bc1b220d61429eaa8fe535e404cdb10e8f
SHA256: 666549b44bcf96cc21b775d2a3cab6b63bce576de00536fba7a7fc3baa3654ce
SHA512: bf8bfafcada308ce3503125ca85a7c300a21014682cd3fe5dde90429f2289812c6f706b2d0cf48222b61d605953a5ebb7dd3273b5a6e18beea92080c002f30e8
Static task
static1
Malware Config
Extracted
danabot
45.153.241.115:443
172.93.181.217:443
172.93.181.219:443
192.236.192.154:443
embedded_hash: E91E701C5196B30913375191EC27E0B2
type: loader
Targets
-
Target
666549b44bcf96cc21b775d2a3cab6b63bce576de00536fba7a7fc3baa3654ce
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-