General
Target: 38f2183ab80dfc4f3c61e7df7228db4acf21e339d3c588f25b91030029437bc4
Size: 2.4MB
Sample: 221218-ne5hwabg35
MD5: 5dcd48a0bd3fde2644210494e270babb
SHA1: 8f41649be45702cbaf4cf28b786675fcd2147c97
SHA256: 38f2183ab80dfc4f3c61e7df7228db4acf21e339d3c588f25b91030029437bc4
SHA512: 514271a6d9f3678d0fc0fd92bd35d9ff6f5ebff04baa5fd6c9b4e2a2781f54f3d350e480f0e12b7264064bf174b7b00507bdea0b980407a9d98c8d03fb0a3f81
SSDEEP: 49152:20hF3PquFGgGvi30wfVieozy+JHcG75SBDGQ+JqGcYucqDoW1ol:20hhiXi3niNyO7ws4GcCx
Static task: static1
Behavioral task: behavioral1
Sample: 38f2183ab80dfc4f3c61e7df7228db4acf21e339d3c588f25b91030029437bc4.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
danabot
23.236.181.126:443
123.253.35.251:443
66.85.173.3:443
embedded_hash: 8F56CD73F6B5CD5D7B17B0BA61E70A82
type: loader
Targets
Target: 38f2183ab80dfc4f3c61e7df7228db4acf21e339d3c588f25b91030029437bc4
Blocklisted process makes network request
Sets DLL path for service in the registry
Sets service image path in registry
Loads dropped DLL
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext