MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3337eb41cf4ec9d1619a72f9d3da1ee57f5caa3683a10cc42ac8f9b577ddca8e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DanaBot

Vendor detections: 12

Intelligence 12 IOCs 1 YARA File information Comments

SHA256 hash:	3337eb41cf4ec9d1619a72f9d3da1ee57f5caa3683a10cc42ac8f9b577ddca8e
SHA3-384 hash:	32179e29e850959d26cdf19cb00f4f13ce0759ae3cdb51d0fd011d0b638380573b16c667df70c9afd78613df41a19e48
SHA1 hash:	954ca73869a4a13b904e62c360d0c47292763b7d
MD5 hash:	7c8ff867c56c73337039957657307f23
humanhash:	earth-mango-golf-equal
File name:	3337eb41cf4ec9d1619a72f9d3da1ee57f5caa3683a10.exe
Download:	download sample
Signature	DanaBot Create hunting rule
File size:	1'142'784 bytes
First seen:	2022-03-06 18:55:22 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	c67a10f9e9c00b471a95264fb6d59666 (1 x DanaBot, 1 x Smoke Loader, 1 x ArkeiStealer)
ssdeep	24576:eArxZ82WE01AeTLGlGVU2h+LOh8oDgFAB3Br8OA9knGKgcULnNa:eAtp7WLGUVx+LOhDB3BwkgcU
Threatray	9'858 similar samples on MalwareBazaar
TLSH	T1A1351200B690D035E4B316F989BAD378B52D3FA19B6551CB22D02AEE5735AE4FC3131B
File icon (PE):
dhash icon	2dac1378319b9b91 (29 x Smoke Loader, 23 x RedLineStealer, 22 x Amadey)
Reporter	abuse_ch
Tags:	DanaBot exe

abuse_ch

DanaBot C2:
192.236.161.4:443

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
192.236.161.4:443	https://threatfox.abuse.ch/ioc/392753/

Intelligence

File Origin

# of uploads :

# of downloads :

626

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

redline

ID:

File name:

https://www.mediafire.com/file/vjf6f21cfk78mqv/WinSetup6224992393D6A-86_64enx.zip/file

Verdict:

Malicious activity

Analysis date:

2022-03-06 11:29:46 UTC

Tags:

evasion loader trojan rat redline opendir

Link:

https://app.any.run/tasks/952b7e5c-8224-4301-80d4-b76ad88daf0b

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/247693/

Detection(s):

Win.Dropper.Generickdz-9939781-0

Result

Verdict:

Malware

Maliciousness:

Result

Malware family:

n/a

Score:

9/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/8392/overview

Behaviour

MalwareBazaar

MeasuringTime

CPUID_Instruction

SystemUptime

EvasionGetTickCount

CheckCmdLine

EvasionQueryPerformanceCounter

Result

Verdict:

SUSPICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

DanaBot

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/70479a0f-7b16-41e9-9456-0fc06c4556a1

Result

Threat name:

DanaBot

Detection:

malicious

Classification:

troj.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/951470

Signature

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Tries to detect virtualization through RDTSC time measurements

Yara detected DanaBot stealer dll

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3337eb41cf4ec9d1619a72f9d3da1ee57f5caa3683a10cc42ac8f9b577ddca8e/

Threat name:

Win32.Trojan.Strab

Status:

Malicious

First seen:

2022-03-06 18:56:17 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

21 of 27 (77.78%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=gm36wqopj3e5cym2ol45hwq64v7vzkrwqoqqzrbkzd43k565zkha._file

Verdict:

malicious

DanaBot

2f43972540a6cae0eb4e50d142860bdc278b44b9b4606747c58e19383efa82f5

DanaBot

3b9cd0cbd0216c7880e6edbf90c8c98d0800f7a562c3a845559b3375dfa09f8f

DanaBot

5cf233d7267a011a4e21064d530fc1b6e80f995b22cf86b29e773d13a463a628

DanaBot

6e33bb5afea750c9d310218cf18796b7e1754332684bf92806ccba081bcc5a69

DanaBot

a0bc490c4a5263a90e83476958a538d960a94437432c4561008a6c9bb4af2b17

DanaBot

d884436a17d35656ddeae1a06103d0b787d9f22851fedba571293898f6fd3645

DanaBot

+ 9'848 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/220306-xldheadhb7/

Behaviour

Checks processor information in registry

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Program crash

Suspicious use of SetThreadContext

Blocklisted process makes network request

Unpacked files

SH256 hash:

a2bcab7859386ad6687093a7b8f6250966c19a5e535b249e6ea943fef2f4881a

MD5 hash:

8fddc133636fcbd42fffc6b5de61c496

SHA1 hash:

9c886cb148629eb88d83e626478b2b05e0598d10

Link:

https://www.unpac.me/results/ba828a68-327b-4ea8-93ed-138b406220e8/

SH256 hash:

3337eb41cf4ec9d1619a72f9d3da1ee57f5caa3683a10cc42ac8f9b577ddca8e

MD5 hash:

7c8ff867c56c73337039957657307f23

SHA1 hash:

954ca73869a4a13b904e62c360d0c47292763b7d

Link:

https://www.unpac.me/results/ba828a68-327b-4ea8-93ed-138b406220e8/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/3337eb41cf4ec9d1619a72f9d3da1ee57f5caa3683a10cc42ac8f9b577ddca8e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/247693/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample