MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0f295d377540773127f73cf21c555c0358b8e28d8e74307535dd41839bf78f2b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: DanaBot
Vendor detections: 13

SHA256 hash: 0f295d377540773127f73cf21c555c0358b8e28d8e74307535dd41839bf78f2b
SHA3-384 hash: 9daea6a2558a2ce308d01e646dbaee5147f242cc0c5d277e64eddcdb408edd4b27bcbcf94851d9dd071a34e659527923
SHA1 hash: dc91c237153aaab8731463d097da924f91f5e941
MD5 hash: 043835ebedfab7d8c9424845a4fc6095
humanhash: enemy-arizona-december-twelve
File name: 043835ebedfab7d8c9424845a4fc6095.exe
Signature: DanaBot
File size: 6'378'496 bytes
First seen: 2022-10-28 09:31:24 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: e558f40aca4f32a75ed234dc7b40d290 (9 x RedLineStealer, 8 x Smoke Loader, 5 x Amadey)
ssdeep: 196608:N4x1eVpIitTMHCmGJUf86xszkNFzugpehepUy:NNpIiYCmBfRxszm9fpeYp
Threatray: 423 similar samples on MalwareBazaar
TLSH: T18D563300B175E132E7D53535EE1953AAD5FABBB8123838439A50367E38B1BC0726EDC6
TrID: 40.3% (.EXE) Win64 Executable (generic) (10523/12/4)
      19.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
      17.2% (.EXE) Win32 Executable (generic) (4505/5/1)
      7.7% (.EXE) OS/2 Executable (generic) (2029/13)
      7.6% (.EXE) Generic Win/DOS Executable (2002/3)
dhash icon: 480c1c4c4f594b14 (172 x Smoke Loader, 134 x RedLineStealer, 98 x Amadey)
Reporter: abuse_ch
Tags: DanaBot exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 282
Origin country: n/a

Vendor Threat Intelligence

Malware family: danabot
ID: 1
File name: 043835ebedfab7d8c9424845a4fc6095.exe
Verdict: Malicious activity
Analysis date: 2022-10-28 09:51:39 UTC
Tags: danabot
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean

Behaviour
Searching for the window
Creating a file in the %temp% directory
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Creating synchronization primitives
Sending a custom TCP request
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 68 / 100
Signature
Antivirus detection for dropped file
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file

Threat name: Win32.Trojan.Raccoon
Status: Malicious
First seen: 2022-10-27 23:57:55 UTC
File Type: PE (Exe)
Extracted files: 22
AV detection: 22 of 26 (84.62%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Checks computer location settings
Loads dropped DLL
Blocklisted process makes network request
Verdict: Suspicious
Tags: n/a
YARA: n/a
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: BitcoinAddress
Author: Didier Stevens (@DidierStevens)
Description: Contains a valid Bitcoin address

Rule name: pdb_YARAify
Author: @wowabiy314
Description: PDB

Rule name: Windows_Trojan_Smokeloader_3687686f
Author: Elastic Security

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: DanaBot
File type: Executable exe
SHA256: 0f295d377540773127f73cf21c555c0358b8e28d8e74307535dd41839bf78f2b (this sample)
Delivery method: Distributed via web download

Comments