General
-
Target
9FC9D28077290D908516A0FB27BBD7361E7B8EC842E34.dll
-
Size
3.8MB
-
Sample
221126-e2hsysbh24
-
MD5
9c52ec98ac0e9e6fa4cc47a75874587e
-
SHA1
6bc94c984e6908ecf1e339642172519c82c6a30e
-
SHA256
9fc9d28077290d908516a0fb27bbd7361e7b8ec842e3451a9985697d54b31608
-
SHA512
6bb9b55dc1b7271cb6490db2093e94d2d63b6bb571be9670957f4e673d8d660bc540bf58ef87906e0f6cbfbd5f2939055b4ec2414d1e7ee6434c406d98b7ee75
-
SSDEEP
98304:Io9Ui7KhE8MBGHLLVNUvSlZ902ojL5mT0dAVz2huo0:g5aJGXTUvw02+L5mT0dsC50
Static task
static1
Behavioral task
behavioral1
Sample
9FC9D28077290D908516A0FB27BBD7361E7B8EC842E34.dll
Resource
win7-20220812-en
Malware Config
Extracted
danabot
1765
3
192.236.192.241:443
134.119.186.198:443
104.168.156.222:443
167.114.188.34:443
-
embedded_hash
82C66843DE542BC5CB88F713DE39B52B
-
type
main
Targets
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-