MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d2550887973db494368efe5dcf10ab5c8b4acf0d29ac0236e6e0910328b1d4b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DanaBot


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1d2550887973db494368efe5dcf10ab5c8b4acf0d29ac0236e6e0910328b1d4b
SHA3-384 hash: e15d257bc4a1a841c8ba89d0d04757fd35697c905c2666a5424b0e67398792bda7b9d59a3c0580d6d72eceba65036da9
SHA1 hash: b5cf2bea03d5f359f6cb0627e4cfdadb7047b23b
MD5 hash: cca8d03e6f36957083de297be9a0e07d
humanhash: leopard-princess-minnesota-winner
File name:cca8d03e6f36957083de297be9a0e07d.exe
Download: download sample
Signature DanaBot
Create hunting rule
File size:1'145'856 bytes
First seen:2022-03-09 15:19:11 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 120d5f35bf3d408d95409773c543e6cf (1 x Smoke Loader, 1 x DanaBot, 1 x RedLineStealer)
ssdeep 24576:hJ50klXbXEqYnmzm/qHAd+LrV3TELJ8iZP:hJ5TL7YnmzmqHu45G8UP
Threatray 10'833 similar samples on MalwareBazaar
TLSH T1C535223B3AA1C531D116F0319916CDF2897DBD60A6A5870F73921B0C1E727C4A8A97AF
File icon (PE):PE icon
dhash icon 327a7c7d767e6e76 (4 x RedLineStealer, 1 x ArkeiStealer, 1 x DanaBot)
Reporter abuse_ch
Tags:DanaBot exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
573
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/248761/
Detection(s):
Win.Dropper.Stop-9938042-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Creating a window
Launching a process
Sending a custom TCP request
Sending an HTTP GET request
Creating a file in the %temp% directory
Сreating synchronization primitives
Unauthorized injection to a system process
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/8759/overview
Behaviour
MeasuringTime
SystemUptime
EvasionQueryPerformanceCounter
CheckCmdLine
EvasionGetTickCount
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/6228c5abb94fb38cb4488a21/reports/d51ac11d-22d0-4985-b475-9d3c533103d5/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
DanaBot
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/78b6b6c8-ce28-4670-b692-03e20e5b20b0
Result
Threat name:
DanaBot
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/953709
Signature
Antivirus detection for URL or domain
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Overwrites code with function prologues
Sigma detected: Suspicious Call by Ordinal
System process connects to network (likely due to code injection or exploit)
Yara detected DanaBot stealer dll
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1d2550887973db494368efe5dcf10ab5c8b4acf0d29ac0236e6e0910328b1d4b/
Threat name:
Win32.Trojan.Azorult
Create hunting rule
Status:
Malicious
First seen:
2022-03-09 02:19:46 UTC
File Type:
PE (Exe)
Extracted files:
30
AV detection:
24 of 27 (88.89%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dusvbcdzopnusq3i57s5z4ikwxeljlhq2knmai3onyeramuldvfq._file
Verdict:
malicious
Label(s):
cloudeye
Create hunting rule
Similar samples:
00de2ed7834a34d0643df2cbd50188efe3fe66fba74cfd32ff98a7eb70717a46
DanaBot
2775e955bf03d93033ff2bf432ad95158e176d3207962d18dc47fd074d16ba9e
DanaBot
2f43972540a6cae0eb4e50d142860bdc278b44b9b4606747c58e19383efa82f5
DanaBot
343b785bdc3ee599f7962a90b02c3638c470e486fe43fff73c0ee5fbb8eb0a50
DanaBot
a0a944db45538f11089813fd89eeed36cdefa6204e52ba305251832ed0045860
DanaBot
b0de3b3eb79e5291dcd933e0e8231c90208e2e11e894500fb7df6487ba259ba9
DanaBot
b20753700e6839173e63c607bd2e7da1da85b3d46f7c67b8e4b819814ff898ba
DanaBot
dcedf234c0f9d6fe3a4392693c82708c70c8e243f42f2e7073d35bd928f3b526
DanaBot
ee957b46fd21616c1ff4dcd2c7f6bf5a57b3caecbddb5b6033b48fd70d03f216
DanaBot
+ 10'823 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220309-sqsexacfbk/
Behaviour
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
Unpacked files
SH256 hash:
1b3ac04a6babace50c2419efaafb5690fbc990dd03d7b609223a0df15ac63f1e
MD5 hash:
b682cd9427cd146f6a4a7d48cd43a539
SHA1 hash:
8e3035152043eb20cde5c078d0ddda79035c8f44
Link:
https://www.unpac.me/results/8b047dac-441c-43a4-9c5b-3fc37c56da59/
SH256 hash:
1d2550887973db494368efe5dcf10ab5c8b4acf0d29ac0236e6e0910328b1d4b
MD5 hash:
cca8d03e6f36957083de297be9a0e07d
SHA1 hash:
b5cf2bea03d5f359f6cb0627e4cfdadb7047b23b
Link:
https://www.unpac.me/results/8b047dac-441c-43a4-9c5b-3fc37c56da59/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/1d2550887973/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1d2550887973db494368efe5dcf10ab5c8b4acf0d29ac0236e6e0910328b1d4b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

Executable exe 1d2550887973db494368efe5dcf10ab5c8b4acf0d29ac0236e6e0910328b1d4b

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/248761/
  
URLhaus
https://urlhaus.abuse.ch/url/2078748/
  
Delivery method
Distributed via web download

Comments