General
-
Target
157757F5065076824EA142B1E3910B51326149A0A457F986CC4270B5FEC1D319.exe
-
Size
1.1MB
-
Sample
240724-npfbqsxdjc
-
MD5
3f08f2c68c3d12cf753a9d7f7f13a775
-
SHA1
46c7ba1688f16fae39ee83818028b931f1327398
-
SHA256
6da426e667bd9c1d5b587049fa913c41a0e150a2422aa1b01ab0a803048e37db
-
SHA512
422c663c2bf44c07c2f71f3ddb59025d65c0f6573380873da88879014c9bac6a7e772696ecd0cdb72897885d5154446caefbec558a20104bbf994f3375c3f2ae
-
SSDEEP
12288:q3vqr/B17jAPeQp37W9nsLx3EXWcUoHM00znmPJcWZTziS5Zugfz3xaCXBKQp6:IvqrPjALp2sdyNUCM0yGPZuEZugbWQg
Static task
static1
Behavioral task
behavioral1
Sample
157757F5065076824EA142B1E3910B51326149A0A457F986CC4270B5FEC1D319.exe
Resource
win7-20240708-en
Malware Config
Extracted
danabot
5
23.254.217.192:443
192.236.146.173:443
23.254.133.7:443
185.62.58.85:443
-
embedded_hash
3CCDCA270E94321B76E2E66C454CD541
-
type
loader
Targets
-
-
Target
157757F5065076824EA142B1E3910B51326149A0A457F986CC4270B5FEC1D319.exe
-
Size
1.1MB
-
MD5
3f08f2c68c3d12cf753a9d7f7f13a775
-
SHA1
46c7ba1688f16fae39ee83818028b931f1327398
-
SHA256
6da426e667bd9c1d5b587049fa913c41a0e150a2422aa1b01ab0a803048e37db
-
SHA512
422c663c2bf44c07c2f71f3ddb59025d65c0f6573380873da88879014c9bac6a7e772696ecd0cdb72897885d5154446caefbec558a20104bbf994f3375c3f2ae
-
SSDEEP
12288:q3vqr/B17jAPeQp37W9nsLx3EXWcUoHM00znmPJcWZTziS5Zugfz3xaCXBKQp6:IvqrPjALp2sdyNUCM0yGPZuEZugbWQg
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-