General
-
Target
dana.vbs
-
Size
1.4MB
-
Sample
220820-v6x2fahcf3
-
MD5
a044c72c7f6f03fcacdd752412a03c1f
-
SHA1
bc48611b299c90d14d2847ce201fea2bb15e9a08
-
SHA256
6ac20d40a2425f1366ca2f69953f15c374b010d3738b4a430cb6f3935ef3c7c1
-
SHA512
547a89a9ea81df9527b74cbb1715d32dfc74a9b43b9e107edaea2f686c8d4a3728360b57aaa7fdc461eb3addd6e82037e6ba44e61645adfb41d802972f2eb8e2
-
SSDEEP
6144:M3oFMTG9dBGc8hR7/1Cs95L+qbDBdmoAcT:M3dxZt
Static task
static1
Behavioral task
behavioral1
Sample
dana.vbs
Resource
win7-20220812-en
Malware Config
Extracted
danabot
Targets
-
Target
dana.vbs
-
Danabot x86 payload
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-