General
-
Target
4adf50b94e6915d1ca4e3e06cbb861518d881f209ff392584de57a7bd90ec2b7
-
Size
4.4MB
-
Sample
221220-rtb2nada9x
-
MD5
49a30a20e0376301f0dfb1793e04a2e2
-
SHA1
c7ffa147528a459e457055292c495284a018f07b
-
SHA256
4adf50b94e6915d1ca4e3e06cbb861518d881f209ff392584de57a7bd90ec2b7
-
SHA512
fa966e0c2f49e8740122168d6a27d56c3cdd1416cce39a695795f74e695919ad550186b156bec3113b86e3f693071eee57ab60585fa8a7514bef0a573a9c6fe7
-
SSDEEP
98304:WZ0FeOexKrUi33OKsV0ZIJyQA2bsv2letgbaIisfRrl84:WZ0FeOeorZ3eKsV0CJ02o2egbgO
Static task
static1
Behavioral task
behavioral1
Sample
4adf50b94e6915d1ca4e3e06cbb861518d881f209ff392584de57a7bd90ec2b7.exe
Resource
win7-20220901-en
Malware Config
Extracted
danabot
49.0.50.0:57
51.0.52.0:0
53.0.54.0:1200
55.0.56.0:65535
-
type
loader
Targets
-
-
Target
4adf50b94e6915d1ca4e3e06cbb861518d881f209ff392584de57a7bd90ec2b7
-
Size
4.4MB
-
MD5
49a30a20e0376301f0dfb1793e04a2e2
-
SHA1
c7ffa147528a459e457055292c495284a018f07b
-
SHA256
4adf50b94e6915d1ca4e3e06cbb861518d881f209ff392584de57a7bd90ec2b7
-
SHA512
fa966e0c2f49e8740122168d6a27d56c3cdd1416cce39a695795f74e695919ad550186b156bec3113b86e3f693071eee57ab60585fa8a7514bef0a573a9c6fe7
-
SSDEEP
98304:WZ0FeOexKrUi33OKsV0ZIJyQA2bsv2letgbaIisfRrl84:WZ0FeOeorZ3eKsV0CJ02o2egbgO
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-