General
Target: cb0fb16a8600ed4d7cc0e2e799ee2d387336ac4396e81c400900d822003c85ab
Size: 1.4MB
Sample: 230129-r8wdvada3w
MD5: bdf665a8c154813acbc9248b04632439
SHA1: 7f0735dd37f0be3b6ef62decf063449cebcff237
SHA256: cb0fb16a8600ed4d7cc0e2e799ee2d387336ac4396e81c400900d822003c85ab
SHA512: a3ae986efd8a2f7a85b90c2869e8995f18b581b995746e3e660b3fa030c934372158bc9c12b080de0c3fb486d809f5a5e8b0c9ae4ac1e91c04c056373dbc6385
SSDEEP: 12288:ZYinvW0+d/iOPxhiSw2iv+3BFShNHd0ALmw+5ERQa+mTNLEpD:ZYiOR/iOPxKlvULShtd0ASE8
Static task: static1
Behavioral task: behavioral1
Sample: cb0fb16a8600ed4d7cc0e2e799ee2d387336ac4396e81c400900d822003c85ab.vbs
Resource: win7-20220901-en
Malware Config
Extracted
danabot
Targets
-
Danabot x86 payload
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
-
Blocklisted process makes network request
-
Loads dropped DLL
-