MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 107457df68604ea8accd379b9813bcbc9dd309d5db70858ceb4437537847007a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DanaBot

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	107457df68604ea8accd379b9813bcbc9dd309d5db70858ceb4437537847007a
SHA3-384 hash:	60e48d6accc4bb58fe2d5c40bcfcd88b595b07dd503ca3089735543dbf87b320c1b546321c3362c5aa481c3b89e103cc
SHA1 hash:	7f5935d61e7bba79215ec2703983d1f0b53ce7b7
MD5 hash:	660da04b8249b5d416135cbd80f97388
humanhash:	alanine-fish-december-missouri
File name:	107457df68604ea8accd379b9813bcbc9dd309d5db70858ceb4437537847007a
Download:	download sample
Signature	DanaBot Create hunting rule
File size:	1'945'600 bytes
First seen:	2021-11-23 02:47:38 UTC
Last seen:	2021-11-23 04:30:22 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	3ffc09b6f8cb525f9949432b3a81cc17 (2 x DanaBot)
ssdeep	49152:gQU1aLhQhG5NUAgoOa8nBc0SmmdWwMLwktw4B9e3qfn8+nFFQCxEsJwKQk:gfaNQh+NUABO/c0Y9AdK3qf8+gqJW
Threatray	7'465 similar samples on MalwareBazaar
TLSH	T152958C51B602E726D6A86CB8FC00C5EF14F0BD49FE44D267F6C17F9FA932241A82519B
Reporter	ervindaprtma
Tags:	DanaBot dll

Intelligence

File Origin

# of uploads :

# of downloads :

455

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Detection(s):

SecuriteInfo.com.Trojan.PWS.Panda.13752.7045.20958.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a custom TCP request

DNS request

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware

Link:

https://www.filescan.io/uploads/619c5667f36138de3f360962/reports/269b3561-8806-45cd-a875-65415167f022/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/a78d0f6f-65d3-4b63-8918-ecce2bc784b2

Result

Threat name:

DanaBot

Detection:

malicious

Classification:

troj.evad

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/894395

Signature

C2 URLs / IPs found in malware configuration

Found malware configuration

Multi AV Scanner detection for submitted file

System process connects to network (likely due to code injection or exploit)

Yara detected DanaBot stealer dll

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/107457df68604ea8accd379b9813bcbc9dd309d5db70858ceb4437537847007a/

Threat name:

Win32.Trojan.DanaBot

Status:

Malicious

First seen:

2021-11-23 02:48:18 UTC

File Type:

PE (Dll)

AV detection:

35 of 45 (77.78%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=cb2fpx3imbhkrlgng6nzqe54xso5gcov3nyildhliq3vg6chab5a._file

Verdict:

malicious

Label(s):

gozi

DanaBot

683b04f3c9da73d16abbe0fa72b538b5285bf33638d8ec2d426cf83c5844bbf1

DanaBot

84152e97051619068fcd8e0e59428e636fa1c69a3266a1fadbf6e69d919dbd8c

DanaBot

9e7e65a46ba0dfc2eb7e8b861aca709a94fa9f9bd969765b2e4864b6ee391507

DanaBot

aaba33fbea2a90c26205589be2807c7f04b571e5b410b06bc6555224392e18e7

DanaBot

b004af43a952d2a4fbd9800579dd8744bbd602e43e2394a03927e427950fbd7e

DanaBot

cfcfe2a6f304ec880209f8b7a20ab8f58010dfbfbb13b8be419db3018f61d6cb

DanaBot

d25a0431bbf834e845cd7dea3fab2c09b0d116ccd2aa7f58f21ffb7ad81fb470

DanaBot

df8084af9861ef3e67f7402ff047cb2cd9d21ed270caad41a6aa2888024e1488

DanaBot

+ 7'455 additional samples on MalwareBazaar

Result

Malware family:

danabot

Score:

10/10

Tags:

family:danabot banker trojan

Link:

https://tria.ge/reports/211123-dagadacch3/

Behaviour

Suspicious use of WriteProcessMemory

Blocklisted process makes network request

Danabot

Danabot Loader Component

Malware Config

C2 Extraction:

185.117.90.36:443
193.42.36.59:443
193.56.146.53:443
185.106.123.228:443

Unpacked files

SH256 hash:

71519ad0f314b95506779e63170dba44e9ed4e29c2818147cca10873b50f656c

MD5 hash:

54d159b7c56074d491d991e2a5b1dec9

SHA1 hash:

e4c4ee00c96a2bf5bcba8ea6bdcdf3b8cf5e5796

Link:

https://www.unpac.me/results/4eff3907-76c1-4b3e-85cf-ba63cb8559e8/

SH256 hash:

107457df68604ea8accd379b9813bcbc9dd309d5db70858ceb4437537847007a

MD5 hash:

660da04b8249b5d416135cbd80f97388

SHA1 hash:

7f5935d61e7bba79215ec2703983d1f0b53ce7b7

Link:

https://www.unpac.me/results/4eff3907-76c1-4b3e-85cf-ba63cb8559e8/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/107457df68604ea8accd379b9813bcbc9dd309d5db70858ceb4437537847007a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

DLL dll 107457df68604ea8accd379b9813bcbc9dd309d5db70858ceb4437537847007a

(this sample)

Link

https://tria.ge/211123-cvxmeshbfp

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/208496/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample