MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e51f18092d8b33ce540f0be383e973e3bb962de84630144d4a40f70d74551f3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DanaBot


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1e51f18092d8b33ce540f0be383e973e3bb962de84630144d4a40f70d74551f3
SHA3-384 hash: f17ca92f5254636e402811d745be57a9bb75bf9ff26824ff5a13109654d8b678c2f0e21a14ac16b16ed142f543ddfac0
SHA1 hash: adb1fa18fc275e98e26660621b74ee188fb0b66b
MD5 hash: 54415694e11467be54aa0e5fc0c63ee5
humanhash: xray-fillet-nineteen-enemy
File name:SecuriteInfo.com.Variant.Ulise.282168.3684.1426
Download: download sample
Signature DanaBot
Create hunting rule
File size:1'063'424 bytes
First seen:2021-08-28 15:54:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0db41ef1d0838062c008ff4132905031 (4 x DanaBot)
ssdeep 24576:mZlJEIt2wdfQlda/BnHUmdtqqAqMenRFNEuA5u0u5XjO+MG1c:mZ3EIt2wdyElnAqMekiX
Threatray 4'549 similar samples on MalwareBazaar
TLSH T193351233A2808C72C059FA3D38D1AE94146EF7717E67F91A1ECC449FC8DB641A41A65F
Reporter SecuriteInfoCom
Tags:DanaBot exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
1'126
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Variant.Ulise.282168.3684.1426
Verdict:
Malicious activity
Analysis date:
2021-08-28 15:56:57 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/688be41e-8b06-4acc-8f6e-35e5b93bfc99

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/183062/
Detection(s):
SecuriteInfo.com.Variant.Ulise.282168.3684.1426.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a file
Enabling the 'hidden' option for recently created files
Sending a UDP request
Launching a process
Creating a process with a hidden window
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/c46bf057-8727-483c-9522-89d6e53d87c5
Result
Threat name:
DanaBot
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/840776
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected DanaBot stealer dll
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1e51f18092d8b33ce540f0be383e973e3bb962de84630144d4a40f70d74551f3/
Threat name:
Win32.Trojan.Ulise
Create hunting rule
Status:
Malicious
First seen:
2021-08-28 13:37:35 UTC
AV detection:
12 of 46 (26.09%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
056548a367412a9b7fcb2d136d1c425ecfc2b0627de5d6842a5b79cee17d67dd
DanaBot
36499f5c573a8752c3b566b19e52f3a235e73e4cdb7123f3452a007c945f7daf
DanaBot
3c8992a1fa966b9838653d1276934114b1e3536d2d0d47172ef4c67af1ef3b2c
DanaBot
4f4a33f70099855f5f503716515f388da3a5daa1e2fac59ec6c881e89ef7d072
DanaBot
556900b033c6969b8c33c7fd00a36e94561acc33357e845876abf791ede3ba27
DanaBot
5d7bc178cb3eafae7b2c99b2cfd2ceec87119cf2403f86af87435d4479f36724
DanaBot
a195d9091ef3b62929cd8637728a190bd54a80c1d4fa89680e9b452677dcb934
DanaBot
c565ce12f63b1cb897156e0234907a49517439247747cc7df5b69952c1e7ce43
DanaBot
efd668c69a879c85b8fb4ffdae21c471ce300548ab17321b851d0089c7dfdf73
DanaBot
f7f5dc4483ba1acdb1e2118ac855a9d4c0b7333749808a11ae69c6e345cdaf6f
DanaBot
+ 4'539 additional samples on MalwareBazaar
Result
Malware family:
danabot
Create hunting rule
Score:
  10/10
Tags:
family:danabot banker trojan
Link:
https://tria.ge/reports/210828-3q447msp1a/
Behaviour
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Loads dropped DLL
Blocklisted process makes network request
Danabot
Danabot Loader Component
Unpacked files
SH256 hash:
28c03552570de0a79cfd80b83b7befa1baf34811613b36abcd9a741d3153e0b7
MD5 hash:
bdec4a470d9624694246c3175522b808
SHA1 hash:
d9268bf5610f0dd5b1c142df9db7658610f612b4
Link:
https://www.unpac.me/results/6507f5ec-0ce3-4898-b8de-a40f0ba4c343/
SH256 hash:
1e51f18092d8b33ce540f0be383e973e3bb962de84630144d4a40f70d74551f3
MD5 hash:
54415694e11467be54aa0e5fc0c63ee5
SHA1 hash:
adb1fa18fc275e98e26660621b74ee188fb0b66b
Link:
https://www.unpac.me/results/6507f5ec-0ce3-4898-b8de-a40f0ba4c343/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1e51f18092d8b33ce540f0be383e973e3bb962de84630144d4a40f70d74551f3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

Executable exe 1e51f18092d8b33ce540f0be383e973e3bb962de84630144d4a40f70d74551f3

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/183062/
  
URLhaus
https://urlhaus.abuse.ch/url/1572232/
  
Delivery method
Distributed via web download

Comments