General
-
Target
19524f18ed92072060b9e7cb4bc49b2c8a48341f42dd981fbb9989798f1ca1fa
-
Size
4.0MB
-
Sample
221130-we4wcaeg6v
-
MD5
8f129ca0e882e49208ef4749bfaab916
-
SHA1
6a44d8e9af5097a8f2fd5e9928fd1d29c483aa53
-
SHA256
19524f18ed92072060b9e7cb4bc49b2c8a48341f42dd981fbb9989798f1ca1fa
-
SHA512
d97b9a0b5d8dd80a0138eb4e33ec00be66e57f5978eb1614d05c0d60c6390a546097e454249ca207aa1f6ec04fcf2e44cdca4a84dfc5bd905f2a9d9c0991987d
-
SSDEEP
98304:fpvKw4l/aCvEhf/EtxpQD4x1K0hp476EtDF:f8NHEdEzy4DK0hp476I
Static task
static1
Behavioral task
behavioral1
Sample
19524f18ed92072060b9e7cb4bc49b2c8a48341f42dd981fbb9989798f1ca1fa.exe
Resource
win7-20221111-en
Malware Config
Extracted
danabot
1765
3
79.124.78.236:443
134.119.186.199:443
192.236.162.42:443
134.119.186.198:443
-
embedded_hash
82C66843DE542BC5CB88F713DE39B52B
-
type
main
Targets
-
-
Target
19524f18ed92072060b9e7cb4bc49b2c8a48341f42dd981fbb9989798f1ca1fa
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-