General
-
Target
e8066bd7a0542d2b30357334de67656d9faa5b25d63ff2def633765721f6422a
-
Size
2.5MB
-
Sample
221208-2nf4jabg59
-
MD5
5b75fe0ffb572ea3dca4a33c4275f490
-
SHA1
5485ff57055bb31364fdcf92b426b467fedb98a4
-
SHA256
e8066bd7a0542d2b30357334de67656d9faa5b25d63ff2def633765721f6422a
-
SHA512
8f2f21bc316a0ec1511b39c495d96da41966fa777a0c3828685935b0ae9624bccf6c4d2ef71e0390d0ddcd3f5467a0b1c554a6f58ffc1e56cf56d28831ade556
-
SSDEEP
49152:eT2+uNAE5NbxXWPmNRvl3/BQ7VAbcL70k+/OhsYxvqVZ67JSOL1:+2+uhN9XWCzSSgXl+mBiVZ67JSOL1
Static task
static1
Behavioral task
behavioral1
Sample
e8066bd7a0542d2b30357334de67656d9faa5b25d63ff2def633765721f6422a.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
danabot
-
embedded_hash
341D2FD1638BB267A80C7445E1909B57
-
type
loader
Targets
-
-
Target
e8066bd7a0542d2b30357334de67656d9faa5b25d63ff2def633765721f6422a
-
Score
10/10
-
Blocklisted process makes network request
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-