MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 34fea5456bb0c7351da3e67c7bcc8f58bcb70ac5b7d9d70e1204a5f4556958c4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



DanaBot


Vendor detections: 4



SHA256 hash: 34fea5456bb0c7351da3e67c7bcc8f58bcb70ac5b7d9d70e1204a5f4556958c4
SHA3-384 hash: 2942f4587645a830015cfe97ccd13de936a42006a66a74aa2c5a2d0040784e1a064a3162ca7584483047840782dcecc5
SHA1 hash: 6cdfb62655d58243fdd4b30dd0c58388946612d8
MD5 hash: be086e67c5b92065ef4677b3ea38bdb1
humanhash: alaska-fillet-kitten-uniform
File name: SecuriteInfo.com.BehavesLike.Win32.AdwareBProtect.dc.27252
Signature: DanaBot
File size: 1'006'592 bytes
First seen: 2020-04-28 01:42:59 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ea2205bc531e8885e34cd362436b57a4 (2 x DanaBot)
ssdeep: 12288:hUUd3v5UBbJsecy9Z5Bd7tR6l3wibfYAZuXLr6ftsQYDjj8I0yOv1G6UAou4XSfZ:hTdibL/ZtRqRwAQ0sQY4id61oVknlAa
Threatray: 37 similar samples on MalwareBazaar
TLSH: 1225222671F5806EE6F356302474F3950E7BFC52623981CE73B4202A2E61A854DB6FDB
Reporter: SecuriteInfoCom
Tags: DanaBot

Intelligence


File Origin
# of uploads: 1
# of downloads: 747
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Danabot
Status: Malicious
First seen: 2020-04-28 00:21:44 UTC
File Type: PE (Exe)
Extracted files: 16
AV detection: 25 of 31 (80.65%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download

BLint


The following tables provide more information about this file using BLint. BLint is a Binary Linter that checks the security properties and capabilities of executables.

Findings

ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews

ID | Capabilities | Evidence
AUTH_API | Manipulates User Authorization | ADVAPI32.dll::GetSecurityDescriptorSacl
WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess, KERNEL32.dll::LoadLibraryW, KERNEL32.dll::GetStartupInfoW, KERNEL32.dll::GetCommandLineA
WIN_REG_API | Can Manipulate Windows Registry | ADVAPI32.dll::RegSetValueExA
