General
-
Target
b9267b00e92e7d70cfc6ad95cba0fd1c324ad61e66af3472cf61fa1bf40c5a62
-
Size
4.0MB
-
Sample
221130-wlxqlscd66
-
MD5
749a4eb97367f1aa0565c1454daae1ba
-
SHA1
f7823776d4bb2da0112549785acabf0cfaeaea39
-
SHA256
b9267b00e92e7d70cfc6ad95cba0fd1c324ad61e66af3472cf61fa1bf40c5a62
-
SHA512
46d23870fff00e5d278830b0a5759a61ca38f5b15b4b4474afe9cd58d4a1035623bd055799154b7f931eae3c2b41632a7b71b297dec3363a364402648394f1ee
-
SSDEEP
98304:FjaimLAtiy6nOJj06feD0EMBeATxaoFHTG:FRCKX6Ol0oBEMcaxaIz
Static task
static1
Behavioral task
behavioral1
Sample
b9267b00e92e7d70cfc6ad95cba0fd1c324ad61e66af3472cf61fa1bf40c5a62.exe
Resource
win7-20221111-en
Malware Config
Extracted
danabot
1765
3
192.236.192.241:443
134.119.186.198:443
104.168.156.222:443
167.114.188.34:443
-
embedded_hash
82C66843DE542BC5CB88F713DE39B52B
-
type
main
Targets
-
-
Target
b9267b00e92e7d70cfc6ad95cba0fd1c324ad61e66af3472cf61fa1bf40c5a62
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-