MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e4bb0047b59d9a3e77d0543ac0acac8777e03c354dc5e0e94ab19c74c06f179. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DanaBot


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2e4bb0047b59d9a3e77d0543ac0acac8777e03c354dc5e0e94ab19c74c06f179
SHA3-384 hash: 73a1327c0f4c661293d1979b706a97376b02281423bfbfb8631341206458a5f581141d65bab5cf99dba8cbcc7af32056
SHA1 hash: feab6c611211606eff907853b86e92a87c014b47
MD5 hash: e7979230ea7d2cee54a95d8bf23fea7b
humanhash: michigan-leopard-bakerloo-cat
File name:e7979230ea7d2cee54a95d8bf23fea7b.exe
Download: download sample
Signature DanaBot
Create hunting rule
File size:1'206'272 bytes
First seen:2021-09-24 08:45:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9daab65a6dc440e386b70d6bb40ddc6e (2 x RedLineStealer, 1 x RaccoonStealer, 1 x DanaBot)
ssdeep 24576:Zo4Qb1zmud9+JO5EGXbFQfSksdOp4iJq0DjCZ6+6jYjrL5Ak4bx:nK1Y45EGrFQm89JfKZF
Threatray 5'684 similar samples on MalwareBazaar
TLSH T1FE4512206BE0D034F6B312F959B5A2A9F42DBEB0A76884CB72D919EB56707D0CC31357
File icon (PE):PE icon
dhash icon ead8ac9cc6e68ee0 (118 x RaccoonStealer, 102 x RedLineStealer, 46 x Smoke Loader)
Reporter abuse_ch
Tags:DanaBot exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
304
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
e7979230ea7d2cee54a95d8bf23fea7b.exe
Verdict:
Malicious activity
Analysis date:
2021-09-24 09:01:35 UTC
Tags:
trojan danabot
Link:
https://app.any.run/tasks/773c7300-4607-4b39-91f8-691f1fa01ffd

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/191117/
Detection(s):
SecuriteInfo.com.Variant.Fragtor.24803.6270.11519.UNOFFICIAL
Create hunting rule

Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/61e0b6a0-66b2-43a6-88d5-4e9d76f90dad
Result
Threat name:
DanaBot
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/857224
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected DanaBot stealer dll
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2e4bb0047b59d9a3e77d0543ac0acac8777e03c354dc5e0e94ab19c74c06f179/
Threat name:
Win32.Trojan.Fragtor
Create hunting rule
Status:
Malicious
First seen:
2021-09-24 08:46:14 UTC
AV detection:
21 of 45 (46.67%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0cbc99017336a7e835494b822f84821254a78b0ae7dea476ed98bca861b1936b
DanaBot
0fa94fb3399528ee6652f3852baac8c399f267ed82ff74730881400494477a83
DanaBot
4b735599ef5aac480c58627f4b72af26cfe4b66c9a62ffd93998314ce27e9586
DanaBot
637d8c2a652b364d37a2d184e9e04ad252353370c9c1cb987410e6030dbdd5ae
DanaBot
889e79039dd2255f30d5e5244306b2b3c7108a4696478a4aeb6c9f3cc792b543
DanaBot
99df8e49e514931ebc8df66ca8fe265f80b2f9c09ce7b3e00a998c7db941a3c3
DanaBot
9c1060f235f5c568ca7461ead6d60926d416d18451b755efd3ab1465681e9d80
DanaBot
cb2244f51a480169293e39a16b104aa14e98543b17b76b3ab5a16640d48d29cc
DanaBot
d37a741c4abb937ef11a2b0536a641db1b50859be5310eb8781bf18bbdd9b9bd
DanaBot
f66a32559056cd11d34d31ac48a4488de144daa4825d7292e85436601a177434
DanaBot
+ 5'674 additional samples on MalwareBazaar
Gathering data
Unpacked files
SH256 hash:
5d4ae93e28a541fd512252de5974dc28d84fc2536e48f34e5660e8e16f6845a7
MD5 hash:
d71e8700f869f60f2bcfc52158395d06
SHA1 hash:
fc344aa386b703ec6ef377d3ed474a655cb89d59
Link:
https://www.unpac.me/results/be0f25bd-fad1-42aa-b7f1-a616952d2b11/
SH256 hash:
5845b5f26fdc33757ffc96e4659ee2387487e9bde861d12a18c24f391973b2fe
MD5 hash:
6da55905cffb8805643c680986bbf6a2
SHA1 hash:
383bea51e05fd9a49d8135acdb944f968a0c33bd
Link:
https://www.unpac.me/results/be0f25bd-fad1-42aa-b7f1-a616952d2b11/
SH256 hash:
2e4bb0047b59d9a3e77d0543ac0acac8777e03c354dc5e0e94ab19c74c06f179
MD5 hash:
e7979230ea7d2cee54a95d8bf23fea7b
SHA1 hash:
feab6c611211606eff907853b86e92a87c014b47
Link:
https://www.unpac.me/results/be0f25bd-fad1-42aa-b7f1-a616952d2b11/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/2e4bb0047b59/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2e4bb0047b59d9a3e77d0543ac0acac8777e03c354dc5e0e94ab19c74c06f179

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

Executable exe 2e4bb0047b59d9a3e77d0543ac0acac8777e03c354dc5e0e94ab19c74c06f179

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1640605/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/191117/

Comments