General
Target: 4d0eb1ea2c50b8df0baefe7ee141d59f678ef30833e1117efdc101150a8d19f8
Size: 2.5MB
Sample: 220727-yafztsgghl
MD5: ec3aebda15898614260dc54b5247a1ac
SHA1: cbb799cc9a1d0bcae3b0c3e4de1d9ccd055ca109
SHA256: 4d0eb1ea2c50b8df0baefe7ee141d59f678ef30833e1117efdc101150a8d19f8
SHA512: dc4e27ab37c7e6187eb65c5a0d06c658c570b6918136feb67d63e3684eec5122ca7f8c04f22c656bd9a427eabf28ed99c6ddd70cc6b0bd0f113a9367b99d781d
Static task: static1
Malware Config
Extracted: danabot
45.153.241.115:443
172.93.181.217:443
172.93.181.219:443
192.236.192.154:443
embedded_hash: E91E701C5196B30913375191EC27E0B2
type: loader
Targets
- Blocklisted process makes network request
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext