General
Target: f6021e91b81a4c8b67b8de900402b20ad0fc306730f197fe2b09da36254702c7
Size: 2.5MB
Sample: 221208-zf2ddsed4x
MD5: c4409a7d003bde5729eb9760b3834bcc
SHA1: 3b0e8141574dddd97eb60815d44acf7eec39a54f
SHA256: f6021e91b81a4c8b67b8de900402b20ad0fc306730f197fe2b09da36254702c7
SHA512: 8769beeb986059f6322d51d3cad81d2bec9451d0b6776377241b438ffc01b2a6113f9825b3f7cbdd586e4a3272ce33e532aaf6ca6c5cb7a6101a0df5f4c4e1dd
SSDEEP: 49152:GyK0q+a0dRW0aOMrYnUjfxirkl6p7Ud7V0PHUKAlsNbHjWzM8dKsz6UpkMJ:LK0q+p60aRYnaZEkl6BU12PxAlKbiTK2
Static task: static1
Behavioral task: behavioral1
Sample: f6021e91b81a4c8b67b8de900402b20ad0fc306730f197fe2b09da36254702c7.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
danabot
embedded_hash: 341D2FD1638BB267A80C7445E1909B57
type: loader
Targets
Target: f6021e91b81a4c8b67b8de900402b20ad0fc306730f197fe2b09da36254702c7
- Blocklisted process makes network request
- Sets DLL path for service in the registry
- Sets service image path in registry
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext