General
Target: 159285b33651bd7a9ae9fa6b7c6975e4df5d980b0c8ae94ee42185824e5e854c
Size: 2.4MB
Sample: 221218-x71j3age3x
MD5: 90e31bba0579eef6c26cbc88e32c65e6
SHA1: ecd1c9638264a0bcd9e55488a11b934fbbe58f4b
SHA256: 159285b33651bd7a9ae9fa6b7c6975e4df5d980b0c8ae94ee42185824e5e854c
SHA512: a03953d64508dc760b3e6bab2260011e80ebfe42f9bb9138416b54017d328fe8d659f82a9dd5561c6cca74bccaf5ee100123b4cb52d30203252a0e537dd7da1d
SSDEEP: 49152:QUnspmnDLnQ5ZurGTKPNDmNapLuhOIPytpgYglKqaO9ZlNlITG5pilX01MceKofS:QUs037BDmaEOI6tiPXrHflITjlE1RIKd
Static task: static1
Behavioral task: behavioral1
Sample: 159285b33651bd7a9ae9fa6b7c6975e4df5d980b0c8ae94ee42185824e5e854c.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
danabot
23.236.181.126:443
123.253.35.251:443
66.85.173.3:443
embedded_hash: 8F56CD73F6B5CD5D7B17B0BA61E70A82
type: loader
Targets
- Blocklisted process makes network request
- Sets DLL path for service in the registry
- Sets service image path in registry
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext