General
-
Target
3b3c1bf5606df5cba57dc1a7356b930d4f3085d36009dace3dcdc1142bec89ae
-
Size
1.3MB
-
Sample
220924-mjzmrabba5
-
MD5
6c8dae264996341ae65a75924ff7fc53
-
SHA1
42effe3e6fcf3fdefaa35efe8df240e1b6b12cc2
-
SHA256
3b3c1bf5606df5cba57dc1a7356b930d4f3085d36009dace3dcdc1142bec89ae
-
SHA512
e2395302f97bdcdc6e71227e1e7c0dd7349846766160fc0977884e709ca194dda836799f9c3eef0122fd6bd1d9bb612e44b41c40e856f68e0d938e691b8141cd
-
SSDEEP
24576:2NKZnf0/89gyp3ZHGy9oAwfOD+4K9YPW51Vg14pcB9eXdv3wMQDKvAI:wKRf0UzCfOD+4K91ViBBgv3wMQ7
Static task
static1
Malware Config
Extracted
danabot
198.15.112.179:443
185.62.56.245:443
153.92.223.225:443
192.119.70.159:443
-
embedded_hash
6618C163D57D6441FCCA65D86C4D380D
-
type
loader
Targets
-
-
Target
3b3c1bf5606df5cba57dc1a7356b930d4f3085d36009dace3dcdc1142bec89ae
-
Blocklisted process makes network request
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-