General
-
Target
876b5319199f8e1cf0e410d352af83ffa2aa9b84c1f4ca5976b89530702e4d76.exe
-
Size
1.1MB
-
Sample
240725-e3h54sydqn
-
MD5
2e50294022bae9ad9b8dbfc8d1b01b3a
-
SHA1
e3a4505f86286b1512229df67420358a29d8f953
-
SHA256
876b5319199f8e1cf0e410d352af83ffa2aa9b84c1f4ca5976b89530702e4d76
-
SHA512
9441a1979a93f6b3b7dde697e11529b3e31ee14c370db1ecc3884393b78a1082453e2625758209bc066e0da622848d07d423719047c303b282e2f421b2863823
-
SSDEEP
24576:bLgcPCgLy06q0eHwkLQFI7UWE8QUNaToFVGPfN0:bsrgeoYyREwNaToFVGPO
Static task
static1
Behavioral task
behavioral1
Sample
876b5319199f8e1cf0e410d352af83ffa2aa9b84c1f4ca5976b89530702e4d76.exe
Resource
win7-20240705-en
Malware Config
Extracted
danabot
5
23.254.217.192:443
192.236.146.173:443
23.254.133.7:443
185.62.58.85:443
-
embedded_hash
3CCDCA270E94321B76E2E66C454CD541
-
type
loader
Targets
-
-
Target
876b5319199f8e1cf0e410d352af83ffa2aa9b84c1f4ca5976b89530702e4d76.exe
-
Size
1.1MB
-
MD5
2e50294022bae9ad9b8dbfc8d1b01b3a
-
SHA1
e3a4505f86286b1512229df67420358a29d8f953
-
SHA256
876b5319199f8e1cf0e410d352af83ffa2aa9b84c1f4ca5976b89530702e4d76
-
SHA512
9441a1979a93f6b3b7dde697e11529b3e31ee14c370db1ecc3884393b78a1082453e2625758209bc066e0da622848d07d423719047c303b282e2f421b2863823
-
SSDEEP
24576:bLgcPCgLy06q0eHwkLQFI7UWE8QUNaToFVGPfN0:bsrgeoYyREwNaToFVGPO
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-