General

  • Target

    Able2ExtractPro.exe

  • Size

    236.4MB

  • Sample

    241119-xleqgazfka

  • MD5

    501e18ebf35e79d49635098d798bdc22

  • SHA1

    7432faca9ef46ecd481075b384cd93653aee5f86

  • SHA256

    bcc36eb4303cacfe2059ac6c6fd131fab78374640feb721d2b5e98fcccd77a05

  • SHA512

    db066cd4a1a41ab8d61d2083a19bce3a0299805c525623baa0af83cac2d7fc1a307bb9cea1e963e427a79df28cf3c75e865f9b8939c22f01c739e2ed98afe6d7

  • SSDEEP

    3145728:6ZW39oISuin0oytQJBt4WE1ufL7W8mnwOKDoxHCTL:6w39oISuin0oRdJmEoE

Score
10/10

Malware Config

Extracted

Family

danabot

C2

221.0.222.0:85

223.0.82.0:90

67.0.83.0:76

79.0.96.1:0

Attributes
  • type

    loader

Targets

    • Target

      Able2ExtractPro.exe

    • Size

      236.4MB

    • MD5

      501e18ebf35e79d49635098d798bdc22

    • SHA1

      7432faca9ef46ecd481075b384cd93653aee5f86

    • SHA256

      bcc36eb4303cacfe2059ac6c6fd131fab78374640feb721d2b5e98fcccd77a05

    • SHA512

      db066cd4a1a41ab8d61d2083a19bce3a0299805c525623baa0af83cac2d7fc1a307bb9cea1e963e427a79df28cf3c75e865f9b8939c22f01c739e2ed98afe6d7

    • SSDEEP

      3145728:6ZW39oISuin0oytQJBt4WE1ufL7W8mnwOKDoxHCTL:6w39oISuin0oRdJmEoE

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks