General
-
Target
142a628ff0ad7530ea56cec988bf3d6190d13e07c29035612742a3aebf4998a3
-
Size
2.4MB
-
Sample
221218-vptmpafg81
-
MD5
b74e7d4ebab6a3f1841f60c7d2622ebe
-
SHA1
65bbbca128f357149623ffedbe6182a0b4f83a8f
-
SHA256
142a628ff0ad7530ea56cec988bf3d6190d13e07c29035612742a3aebf4998a3
-
SHA512
cfca435544f1d54c8c3abf774eae1a7cf605456f0b9f584b08ae7f3bc527563c5bfb0627e895f67940d4b754ba1c1ccb25f9e76b036ae3189c2e0400314ae0e7
-
SSDEEP
49152:ZwxCw5zGmoLGBnZ70b1sW2Cw3Umij5s0UcTRZSE/w:ZwxCaGmqGBs1DtwEmi9s0N/w
Static task
static1
Behavioral task
behavioral1
Sample
142a628ff0ad7530ea56cec988bf3d6190d13e07c29035612742a3aebf4998a3.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
danabot
23.236.181.126:443
123.253.35.251:443
66.85.173.3:443
-
embedded_hash
8F56CD73F6B5CD5D7B17B0BA61E70A82
-
type
loader
Targets
-
-
Target
142a628ff0ad7530ea56cec988bf3d6190d13e07c29035612742a3aebf4998a3
-
Size
2.4MB
-
MD5
b74e7d4ebab6a3f1841f60c7d2622ebe
-
SHA1
65bbbca128f357149623ffedbe6182a0b4f83a8f
-
SHA256
142a628ff0ad7530ea56cec988bf3d6190d13e07c29035612742a3aebf4998a3
-
SHA512
cfca435544f1d54c8c3abf774eae1a7cf605456f0b9f584b08ae7f3bc527563c5bfb0627e895f67940d4b754ba1c1ccb25f9e76b036ae3189c2e0400314ae0e7
-
SSDEEP
49152:ZwxCw5zGmoLGBnZ70b1sW2Cw3Umij5s0UcTRZSE/w:ZwxCaGmqGBs1DtwEmi9s0N/w
-
Blocklisted process makes network request
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-