MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 26501c39a3fd6a6daddd186479d4422671bdf55adebc332266d48f25030b2e7d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DanaBot


Vendor detections: 10


Intelligence 10 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 26501c39a3fd6a6daddd186479d4422671bdf55adebc332266d48f25030b2e7d
SHA3-384 hash: 5e7f1f273bb0b24581a4cfc0bd810586ec51a89dbbf2d5d4b08250a792f8c147d8910e764b1d83cd96f200e203ad827b
SHA1 hash: 279ac02e7bcfb68c43b8129a21295f8ae8bea1c2
MD5 hash: 9c460b6a8b6a1d15dcfd21e90a4a2141
humanhash: artist-sierra-bacon-fifteen
File name:9c460b6a8b6a1d15dcfd21e90a4a2141.exe
Download: download sample
Signature DanaBot
Create hunting rule
File size:1'155'584 bytes
First seen:2022-03-06 18:55:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6f4d060e155632c534f8defa61798a10 (1 x DanaBot)
ssdeep 24576:NxIoj0rYp0Pkjo+0zNzhr4eLwhFQ5VQ4AaLBCJ:Nhp0PUxcRhQQ56z4B
Threatray 9'857 similar samples on MalwareBazaar
TLSH T1B0350201AA80D035F0B716F8457A936CA93A7EF1A72560CB53D42AEF57396E5EC3120B
File icon (PE):PE icon
dhash icon 2dec137031939b91 (5 x RedLineStealer, 3 x Smoke Loader, 1 x DanaBot)
Reporter abuse_ch
Tags:DanaBot exe


Avatar
abuse_ch
DanaBot C2:
192.236.236.83:443

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
192.236.236.83:443 https://threatfox.abuse.ch/ioc/392758/

Intelligence

File Origin
# of uploads :
1
# of downloads :
637
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/247698/
Detection(s):
Win.Dropper.Generickdz-9939781-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Creating a window
Launching a process
Sending a custom TCP request
Sending an HTTP GET request
Creating a file in the %temp% directory
DNS request
Сreating synchronization primitives
Unauthorized injection to a system process
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/8394/overview
Behaviour
MalwareBazaar
MeasuringTime
CPUID_Instruction
SystemUptime
EvasionGetTickCount
CheckCmdLine
EvasionQueryPerformanceCounter
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
DanaBot
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/14db2959-f591-4d12-b1c7-021c3568bea4
Result
Threat name:
DanaBot
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/951465
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected DanaBot stealer dll
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/26501c39a3fd6a6daddd186479d4422671bdf55adebc332266d48f25030b2e7d/
Threat name:
Win32.Downloader.Upatre
Create hunting rule
Status:
Malicious
First seen:
2022-03-06 18:56:21 UTC
File Type:
PE (Exe)
Extracted files:
16
AV detection:
21 of 26 (80.77%)
Threat level:
  3/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ezibyond7vvg3lo5dbshtvccezy335k2326dgitg2shskaylfz6q._file
Verdict:
malicious
Similar samples:
23229b2ceee2481db7c9e645e849efe08ea77e0a7dff48448d45896f3bd49c0e
DanaBot
2f43972540a6cae0eb4e50d142860bdc278b44b9b4606747c58e19383efa82f5
DanaBot
3b9cd0cbd0216c7880e6edbf90c8c98d0800f7a562c3a845559b3375dfa09f8f
DanaBot
532e3e9ec546f0030d3fef0bddc224f868c55bb00d1914cdb7157a3e74f5bd28
DanaBot
5cf233d7267a011a4e21064d530fc1b6e80f995b22cf86b29e773d13a463a628
DanaBot
6e33bb5afea750c9d310218cf18796b7e1754332684bf92806ccba081bcc5a69
DanaBot
d884436a17d35656ddeae1a06103d0b787d9f22851fedba571293898f6fd3645
DanaBot
+ 9'847 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
suricata
Link:
https://tria.ge/reports/220306-xlds6sfefl/
Behaviour
Checks processor information in registry
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Suspicious use of SetThreadContext
Blocklisted process makes network request
suricata: ET MALWARE Danabot Key Exchange Request
Unpacked files
SH256 hash:
997444f88b96ed2222a6cf32e1be5068c30b09bcf4f1cc901cccf0bf1b9eff1d
MD5 hash:
ab471701b191f7cef4905105584b8ef9
SHA1 hash:
b7bfb9fe4cbe1dfb21c18ee39ccf57af19633aed
Link:
https://www.unpac.me/results/72c3e6fc-1ddb-494c-9f60-e26668cee27c/
SH256 hash:
26501c39a3fd6a6daddd186479d4422671bdf55adebc332266d48f25030b2e7d
MD5 hash:
9c460b6a8b6a1d15dcfd21e90a4a2141
SHA1 hash:
279ac02e7bcfb68c43b8129a21295f8ae8bea1c2
Link:
https://www.unpac.me/results/72c3e6fc-1ddb-494c-9f60-e26668cee27c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/26501c39a3fd6a6daddd186479d4422671bdf55adebc332266d48f25030b2e7d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

Executable exe 26501c39a3fd6a6daddd186479d4422671bdf55adebc332266d48f25030b2e7d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2078748/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/247698/

Comments