MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1464f141847f0ee9af9f7f2eda69ebcb56022ae8b1d259bb152a873d3c6a303d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



DanaBot


Vendor detections: 4



SHA256 hash: 1464f141847f0ee9af9f7f2eda69ebcb56022ae8b1d259bb152a873d3c6a303d
SHA3-384 hash: 3133bb6f5ef73b5f784e21f5ed4594251d1055be67932a3588c06fa087bf0090379b08c94714f4b4d1f7e0917e22c3bd
SHA1 hash: 73d69805228a08ba04573c2325eaaa6a5a5622b3
MD5 hash: a00f56c57e2a1b336e8c5534e4f5c3b2
humanhash: tennis-west-blossom-thirteen
File name: a00f56c57e2a1b336e8c5534e4f5c3b2.exe
Signature: DanaBot
File size: 2'865'664 bytes
First seen: 2020-05-31 07:46:11 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 806b8749651855f8e238264d14974360 (1 x DanaBot)
ssdeep: 49152:/5xyeXtiFfFuJW1KnaHJLl8SqnON2I2f76Fbuzv2JqpR0h066DmYm7Ai:HEnJ13Hz8ANAD6FbYv/pRI16CYm7Ai
Threatray: 60 similar samples on MalwareBazaar
TLSH: FAD52310B749C439F42356F4AA3152A9B53A7EF25B6082CB12F49ECF2635E91DC3172B
Reporter: abuse_ch
Tags: DanaBot exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 857
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-05-31 08:35:28 UTC
AV detection: 21 of 31 (67.74%)
Threat level: 5/5
Result
Malware family: danabot
Score: 10/10
Tags: family:danabot banker botnet trojan
Behaviour
Suspicious use of WriteProcessMemory
Loads dropped DLL
Blacklisted process makes network request
Danabot
Danabot x86 payload
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: win_danabot_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

Executable exe 1464f141847f0ee9af9f7f2eda69ebcb56022ae8b1d259bb152a873d3c6a303d (this sample)

Delivery method: Distributed via web download

Comments