General
-
Target
ac94e331b38a4f08aae13033be47c7534f8065730756c0971174031794b31c26
-
Size
2.1MB
-
Sample
221128-mg376afe53
-
MD5
bea42b6875eeb5021bddea3fab1066ee
-
SHA1
46de5e226fe73309dd3b162de70a574d33d4aeb9
-
SHA256
ac94e331b38a4f08aae13033be47c7534f8065730756c0971174031794b31c26
-
SHA512
76c0170f79975607316cf7f6355e57cfd2a48a751cf8a24d86ab658f6a6756e9c9f12d0dca25832e59010b7a5322b5899dfe72cdbc26bf8dab5803c318d9a3ed
-
SSDEEP
49152:oKB1Flu1JIKJv9lEWv0/WNS3C7QcHggNKTKp10MTStC2OB:BYJFlEMcnQgvMTp2M
Static task
static1
Behavioral task
behavioral1
Sample
CRA_INV_2019_831222351365/CRA_INV_2019_831222351365.vbs
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
CRA_INV_2019_831222351365/CRA_INV_2019_831222351365.vbs
Resource
win10v2004-20221111-en
Malware Config
Extracted
danabot
Targets
-
-
Target
CRA_INV_2019_831222351365/CRA_INV_2019_831222351365.vbs
-
Size
24.3MB
-
MD5
350e751bb68ade139e174d65008eebe0
-
SHA1
f235f388686573edd1475f337c9b5b34afd4b9e1
-
SHA256
d39e3c62fb0b70846240f3d73a3885d5024eebcc9e61fa77f5ebbb450fbf7620
-
SHA512
3b34c36fd8e2e9b83150cfe652bc34c615b0017174f35d4ba2513d63b73aa51ae75c928f7e6307bd29d9adeb3222cb6ba8f19c0feeab53d2cf2f66ca43394f47
-
SSDEEP
6144:tJGfk3YNoB2OmKvIbvSGF2qU4DZA3fX680UPUXzmcTc8cxhTWMRA4PZUhQKsTRIq:WnhrO
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-