General
-
Target
feb51227aff66478f678e970927968a5548d51d585519c9954f9ceb7e0807e30
-
Size
214KB
-
Sample
221218-rvlx9afb7y
-
MD5
5844764fbdf79a7c7fc86c4138a1107a
-
SHA1
57c0741944242e9b7db789231b18cef291c527ae
-
SHA256
feb51227aff66478f678e970927968a5548d51d585519c9954f9ceb7e0807e30
-
SHA512
2336b0c2509a5dec0ca563324995ea4fcb6bc3a44c30179bf4dc324bfb76124329fd91c520f9c2c419bd7921e4f8e4365e243e8efdabc4028e93089507c45351
-
SSDEEP
3072:wm+H3LBDtR8izIJvUirgENfkxayg3uhRJ0sCLEHHOil3lk025PH:LWLRgJdgOMxaL+HrHjlVklPH
Static task
static1
Malware Config
Extracted
danabot
23.236.181.126:443
123.253.35.251:443
66.85.173.3:443
-
embedded_hash
8F56CD73F6B5CD5D7B17B0BA61E70A82
-
type
loader
Targets
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-