General
Target: 1904179129571057cc163fc3f6098f88dac62e929d1a0fd2f5227122a76fe9ce
Size: 2.4MB
Sample: 221218-p25ylaca58
MD5: 61d988e9e9a8fd2be991708b3ae62d16
SHA1: 699c23b11f591eb1da3699d1a438adf4bc90056e
SHA256: 1904179129571057cc163fc3f6098f88dac62e929d1a0fd2f5227122a76fe9ce
SHA512: 733f09296b567f957b5484dea4a509f470781e045730f7bde42fb15d32f8a67c618c9eab55b599c5e5d0f77714d58c3c901ff57eee852e78e90c8eceb308ae8f
SSDEEP: 49152:jRTvDqSU3n1r8bCTV+8f1My3xvBQ5dqfDk2SYS9JHtMzo:hvDqj3n13Rvkq7kdLxtMzo
Static task: static1
Behavioral task: behavioral1
Sample: 1904179129571057cc163fc3f6098f88dac62e929d1a0fd2f5227122a76fe9ce.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
danabot
23.236.181.126:443
123.253.35.251:443
66.85.173.3:443
embedded_hash: 8F56CD73F6B5CD5D7B17B0BA61E70A82
type: loader
Targets
Target: 1904179129571057cc163fc3f6098f88dac62e929d1a0fd2f5227122a76fe9ce
- Blocklisted process makes network request
- Sets DLL path for service in the registry
- Sets service image path in registry
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext