General
Target: Faktura.PDF.exe
Size: 3.2MB
Sample: 221017-qmyreacagr
MD5: 5da162eebc4d19470d96c9138eef7c1b
SHA1: 674fae4a60d3040bf962c8ff0af5bd14bcb9ed9e
SHA256: 3c825d5a2cc6da2b923f3bba6ba850295e0e23ca8ddad1f716d859d585c225e6
SHA512: 08efaea6cc218b873b23727ca6f72f06460dc5b1d3ab6af2a551f5ce6d3ea796a10112c1ab88c8e82744b614b778b239eef7ed1b3805f14c9a3a96844b3535e8
SSDEEP: 98304:tjeA5Hw2+x3MOITGA2ZgtMvhjvsSk3SU7iio:heA5H9AIythjvm3lo
Static task: static1
Behavioral task: behavioral1
Sample: Faktura.PDF.exe
Resource: win7-20220901-en
Malware Config
Extracted
danabot
Targets
Target: Faktura.PDF.exe
Danabot x86 payload: Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
Blocklisted process makes network request
Loads dropped DLL