MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 24943c70d8dd1d81437466c413ee3145366681b7e7f4d8a5337de7a38d8188d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DanaBot


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 24943c70d8dd1d81437466c413ee3145366681b7e7f4d8a5337de7a38d8188d1
SHA3-384 hash: 4643f2e7b1628d2ef69eb04549e2697c03252ea8f311b17538f954c5b9db68db4322fa462b4ab70497dcdb76e39b0127
SHA1 hash: 64b398dad266acfdf462ab275d3e0fa27740f1bc
MD5 hash: 4215d8a4ea5fdbd1cc249ec27a736ee9
humanhash: ink-burger-arizona-hotel
File name:4215d8a4ea5fdbd1cc249ec27a736ee9.exe
Download: download sample
Signature DanaBot
Create hunting rule
File size:1'081'344 bytes
First seen:2021-08-28 16:20:21 UTC
Last seen:2021-08-28 17:18:07 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 065a584d0d50807005a7c41fcb9adea6 (6 x RaccoonStealer, 2 x RedLineStealer, 1 x DanaBot)
ssdeep 24576:A6ZkqB8Ot+11NKz8i2rVKyz5TYltZV9dI2qmsQsP6h:A6Ku8O2fg8i2rVKgdYX9dL
Threatray 4'553 similar samples on MalwareBazaar
TLSH T12335233512B190B1C3D42630806F9063AE6FFD12BF6542872BD4999F3FA69C0D5AE763
dhash icon 4839b2b4e8c38890 (137 x RaccoonStealer, 37 x Smoke Loader, 30 x RedLineStealer)
Reporter abuse_ch
Tags:DanaBot exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
1'119
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Adobe.Photoshop.Lightroom.v2.5.keygen.by.DBC.bin
Verdict:
Malicious activity
Analysis date:
2021-08-28 15:53:27 UTC
Tags:
evasion trojan rat azorult stealer raccoon loader fareit pony opendir redline vidar danabot
Link:
https://app.any.run/tasks/e5736db1-0d47-47c3-a983-a59aceeaf0c3

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/183065/
Detection(s):
SecuriteInfo.com.Artemis4215D8A4EA5F.22954.12557.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a process with a hidden window
Creating a file
Enabling the 'hidden' option for recently created files
Sending a UDP request
Launching a process
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/7e4407dc-4066-4235-817d-30a63785e014
Result
Threat name:
DanaBot
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/840781
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected DanaBot stealer dll
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/24943c70d8dd1d81437466c413ee3145366681b7e7f4d8a5337de7a38d8188d1/
Threat name:
Win32.Trojan.Fragtor
Create hunting rule
Status:
Malicious
First seen:
2021-08-28 16:21:07 UTC
AV detection:
16 of 26 (61.54%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=eskdy4gy3uoycq3um3cbh3rriu3gnanx472nrjjtpxt2hdmbrdiq._file
Verdict:
unknown
Similar samples:
056548a367412a9b7fcb2d136d1c425ecfc2b0627de5d6842a5b79cee17d67dd
DanaBot
36499f5c573a8752c3b566b19e52f3a235e73e4cdb7123f3452a007c945f7daf
DanaBot
3c8992a1fa966b9838653d1276934114b1e3536d2d0d47172ef4c67af1ef3b2c
DanaBot
4f4a33f70099855f5f503716515f388da3a5daa1e2fac59ec6c881e89ef7d072
DanaBot
556900b033c6969b8c33c7fd00a36e94561acc33357e845876abf791ede3ba27
DanaBot
5d7bc178cb3eafae7b2c99b2cfd2ceec87119cf2403f86af87435d4479f36724
DanaBot
a195d9091ef3b62929cd8637728a190bd54a80c1d4fa89680e9b452677dcb934
DanaBot
c565ce12f63b1cb897156e0234907a49517439247747cc7df5b69952c1e7ce43
DanaBot
efd668c69a879c85b8fb4ffdae21c471ce300548ab17321b851d0089c7dfdf73
DanaBot
f7f5dc4483ba1acdb1e2118ac855a9d4c0b7333749808a11ae69c6e345cdaf6f
DanaBot
+ 4'543 additional samples on MalwareBazaar
Result
Malware family:
danabot
Create hunting rule
Score:
  10/10
Tags:
family:danabot banker trojan
Link:
https://tria.ge/reports/210828-vrnmb1g1hs/
Behaviour
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Loads dropped DLL
Blocklisted process makes network request
Danabot
Danabot Loader Component
Unpacked files
SH256 hash:
9e82ad5dc82fded710014d64cb5cb141f4500ad63626edfcec43ea2a2168dc10
MD5 hash:
ef1f82b14908a8133d596b70d17277c8
SHA1 hash:
ae31276d71328d33c628ae3058a1204e61329270
Link:
https://www.unpac.me/results/de674c99-a879-4fd9-8e88-6d194a056e0f/
SH256 hash:
f273e4e932050e70a648ab4da173834639ee115b6038e3c9b61c7ea8f2a6b1be
MD5 hash:
5bc23936d43f09a58517777a196ee7da
SHA1 hash:
48770f38eaa235bccd2063f6f545d38207a4ffc9
Link:
https://www.unpac.me/results/de674c99-a879-4fd9-8e88-6d194a056e0f/
SH256 hash:
24943c70d8dd1d81437466c413ee3145366681b7e7f4d8a5337de7a38d8188d1
MD5 hash:
4215d8a4ea5fdbd1cc249ec27a736ee9
SHA1 hash:
64b398dad266acfdf462ab275d3e0fa27740f1bc
Link:
https://www.unpac.me/results/de674c99-a879-4fd9-8e88-6d194a056e0f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/24943c70d8dd1d81437466c413ee3145366681b7e7f4d8a5337de7a38d8188d1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

Executable exe 24943c70d8dd1d81437466c413ee3145366681b7e7f4d8a5337de7a38d8188d1

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1552888/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1495647/
Cape
Cape
https://www.capesandbox.com/analysis/183065/

Comments