General
-
Target
0ff222e570a6934c471b2bcb13b78f88c75e95141b7c84bbd3dc936d7d46437b
-
Size
4.0MB
-
Sample
221130-xbvnyahc2w
-
MD5
a8c0796d74fe9e34fe0c67a500dc7b32
-
SHA1
ebdd34cd4fda39ade14e4fc0c4e8ce4b397e8959
-
SHA256
0ff222e570a6934c471b2bcb13b78f88c75e95141b7c84bbd3dc936d7d46437b
-
SHA512
906db571ec138e9fec43e9182ecf2a6a2af7120f85169e14e68d4632c36bf785768a87e2043c9107b0db23f0a3f7c7473b8b1a45a943b79d68d9baf2d8bede33
-
SSDEEP
98304:acC8excbiUsPc9K7YrHDjJzp1PGcjXF1D4TQ4Ll5nZGv13dwsBD:acC8eKGU8c9fVpBLJ1MT5J5nZp
Static task
static1
Behavioral task
behavioral1
Sample
0ff222e570a6934c471b2bcb13b78f88c75e95141b7c84bbd3dc936d7d46437b.exe
Resource
win7-20221111-en
Malware Config
Extracted
danabot
1765
3
79.124.78.236:443
134.119.186.199:443
192.236.162.42:443
134.119.186.198:443
-
embedded_hash
82C66843DE542BC5CB88F713DE39B52B
-
type
main
Targets
-
-
Target
0ff222e570a6934c471b2bcb13b78f88c75e95141b7c84bbd3dc936d7d46437b
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-