MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0cbc99017336a7e835494b822f84821254a78b0ae7dea476ed98bca861b1936b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



DanaBot


Vendor detections: 8



SHA256 hash: 0cbc99017336a7e835494b822f84821254a78b0ae7dea476ed98bca861b1936b
SHA3-384 hash: 5c8f5c4d65aeb777c93ff5981d9868899bfdf454b880c0befc335dfda235f12c640645db89c433e5d4fba624ff62f8ce
SHA1 hash: 30f5f9d7236806b7586d896f02b6ae25da54d90d
MD5 hash: 341e63d0f0934ba186bd27a5e43ede35
humanhash: carpet-missouri-network-floor
File name: 341e63d0f0934ba186bd27a5e43ede35
Signature: DanaBot
File size: 1'205'760 bytes
First seen: 2021-09-24 07:19:45 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 658c49f2b142429657b3337ed8c9de9e (4 x RaccoonStealer, 3 x RedLineStealer, 1 x DanaBot)
ssdeep: 24576:vDM1/AEuX8yyzgNBGLaKgiq6x1LLDdjLYetXxE:y1uXcgGLaKghG1n5jkQXxE
Threatray: 5'673 similar samples on MalwareBazaar
TLSH: T1F2451220BBF0C035F2B653F695B953B9692DBE706778D8CBA2C50AE542616E0CD30397
dhash icon: aad8ac9cc6a68ee0 (34 x RedLineStealer, 14 x RaccoonStealer, 11 x Smoke Loader)
Reporter: zbetcheckin
Tags: 32 DanaBot exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 292
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 341e63d0f0934ba186bd27a5e43ede35
Verdict: Malicious activity
Analysis date: 2021-09-24 07:21:34 UTC
Tags: trojan danabot

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Malware family: Generic Malware
Verdict: Malicious

Result
Threat name: DanaBot
Detection: malicious
Classification: troj.evad
Score: 100 / 100
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected DanaBot stealer dll

Threat name: Win32.Trojan.Pwsx
Status: Malicious
First seen: 2021-09-24 07:17:56 UTC
AV detection: 17 of 45 (37.78%)
Threat level: 5/5
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

Executable exe 0cbc99017336a7e835494b822f84821254a78b0ae7dea476ed98bca861b1936b

(this sample)

  
Delivery method
Distributed via web download

Comments



zbet commented on 2021-09-24 07:19:47 UTC

url : hxxp://80.209.233.231/nscvhost.exe