General
-
Target
ab8b77119439daf598b0f6b0801af58b
-
Size
2.9MB
-
Sample
240228-k9zz4agb36
-
MD5
ab8b77119439daf598b0f6b0801af58b
-
SHA1
1b619621c699dc509bb8aa0a3996b22cc9ee1321
-
SHA256
d73fba668845db5d6521d7eb9741f811fce9d79edf0a0e9c66a0a00b54c916fc
-
SHA512
7fbefb921d02253bf748b1da8c726855e5611186c3f2e574c88d5217e750be1a90ca469dc1e4f90ce3b7ef0817f0d6fcf5602f368241c88c9c20b0a0e91f4616
-
SSDEEP
49152:18CFrvu7i5NcFYbd1fLbHhuJfAkRJWqckw6TvU9lL:1PJ5NcO51fcJfAoWqeSylL
Behavioral task
behavioral1
Sample
ab8b77119439daf598b0f6b0801af58b.exe
Resource
win7-20240221-en
Malware Config
Extracted
danabot
4
23.229.29.48:443
5.9.224.204:443
192.210.222.81:443
-
type
loader
Targets
-
-
Target
ab8b77119439daf598b0f6b0801af58b
-
Danabot Loader Component
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-