Behavioral task: behavioral1
Sample: 1536-57-0x00000000028C0000-0x0000000002F22000-memory.dll
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 1536-57-0x00000000028C0000-0x0000000002F22000-memory.dll
Resource: win10v2004-20220812-en
General
Target: 1536-57-0x00000000028C0000-0x0000000002F22000-memory.dmp
Size: 6.4MB
MD5: 8443edeb5f6c8d850271bcbecce07268
SHA1: 59ddee885fe26cdf2a861b0fb2f311fdcdd5ebbc
SHA256: 8b28c1435ba73ae861b9181496ed8d4818231181f39e2d449ee16e00252ba492
SHA512: 29c504070f8c476567fefc165bb40c9acad116ba6c354f5b71c5250358e48a7ce5fb85217f6303ff2d9f893077c8cee68abe1da0ef1416f7aa3a2a5c1feb794e
SSDEEP: 98304:7fxUmSHqb9IyyJFQ4Ql67EUWbSuakEs7H7AY8vjVSPe:7fSmSUaQbVakJ/j8N
Malware Config
Extracted
danabot
1765
3
192.236.192.241:443
134.119.186.198:443
104.168.156.222:443
167.114.188.34:443
embedded_hash: 82C66843DE542BC5CB88F713DE39B52B
type: main
Signatures
Danabot family
Files
1536-57-0x00000000028C0000-0x0000000002F22000-memory.dmp.dll windows x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
.text Size: 4.5MB - Virtual size: 40.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.itext Size: 6KB - Virtual size: 45.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 475KB - Virtual size: 45.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 45.7MB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 16KB - Virtual size: 46.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didata Size: 1KB - Virtual size: 46.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 46.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 46.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 239KB - Virtual size: 46.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 20KB - Virtual size: 47.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ