General
-
Target
0312783b108da0ed9b172c72a935119f199d7976f30d55e0dc830e90e78b4d5a
-
Size
260KB
-
Sample
221027-psckpacbc4
-
MD5
0422013509122e0b6c419b0d8e41e762
-
SHA1
05df75f7b2391c7485920367058b487306e5dab7
-
SHA256
0312783b108da0ed9b172c72a935119f199d7976f30d55e0dc830e90e78b4d5a
-
SHA512
2c46102c3a662d2518798c3853d0e890e35282e1dbae2a155336ef9656e7bae94574371e7081fc0ef37090c55b8f0cbb98f856a070104e9604887ca04451efca
-
SSDEEP
6144:dqhhmHJQAaPd9FZh6h98USHgn+PkfZx0U:dWhmHJQA2d9Lh6h966+28
Static task
static1
Malware Config
Extracted
danabot
-
embedded_hash
BBBB0DB8CB7E6D152424535822E445A7
-
type
loader
Targets
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Suspicious use of SetThreadContext
-