MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3d5123637475c690e7758a6848a881fa7f16616f520fe06a53f99895355ed21b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DanaBot


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3d5123637475c690e7758a6848a881fa7f16616f520fe06a53f99895355ed21b
SHA3-384 hash: 28ec0d6dc1932f9710adff4c405dd8d27eab4a7c62de0a01e3a3d7342dd5d368fabaad60fdfd2ac4a36d3c736ebfc144
SHA1 hash: 863a66ca7cc99ce7dd8afd1246d1b1bc7b8f0c61
MD5 hash: 0b2c514381ba2c2db3d13ea18c243a9c
humanhash: lithium-venus-pizza-angel
File name:0b2c514381ba2c2db3d13ea18c243a9c.exe
Download: download sample
Signature DanaBot
Create hunting rule
File size:2'755'072 bytes
First seen:2020-06-09 05:30:53 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 314a4e290f9dad7ec2a52fca4eb9c09c (1 x DanaBot)
ssdeep 49152:J59Ql8+qnarFz4lO6ob00kZwJt+3crZFF0rwy5ukPatF1:J5eljqnGWwDJaqK1rhPa
Threatray 63 similar samples on MalwareBazaar
TLSH F1D5234373E2AC71E3F30670DE65C2A64C7DF9AA5E37561B3350174A3834291EA26B27
Reporter abuse_ch
Tags:DanaBot exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
876
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.DanaBot
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 04:34:08 UTC
AV detection:
23 of 28 (82.14%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hvisgy3uoxdjbz3vrjuerkeb7j7rmylpkih6a2st7gmjknk62inq._file
Verdict:
malicious
Similar samples:
1aff839a7b4b345500dfcd153a67649e04209b2a43722403d3065aa4f50ba673
DanaBot
219ce23454e6209702f4795e16765681936d2e4e4166c601a2ac412b15f4c1a5
DanaBot
677f90dd4838bff9c07d1f730907777ce27bdf40cca7a7a664cf675cf33b4622
DanaBot
720b101eeb0fd61433a644563ad541e1923a202a1116fda126534e89a805136c
DanaBot
91f107648a048f50e25c350d3e2c6c94e3f39775815179e011fed5548fde7917
DanaBot
94b9908c1d164acb68a30bacada251782c6e9dc64500718d12ebe4abf871b305
DanaBot
a13c95a98b340edd7eeeff2da8272761cd84d093f43888e5940451d02b1a2dc0
DanaBot
a7c37af821063d0a3be82a621e332f48c89bd83bec9c3ad092d4e357813c7e66
DanaBot
abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3
DanaBot
e4719e8d66fb27cb0a1f2168f22fdb0e1aa14058e82662ed61aa3bbe66f6a34e
DanaBot
+ 53 additional samples on MalwareBazaar
Result
Malware family:
danabot
Create hunting rule
Score:
  10/10
Tags:
family:danabot banker botnet trojan
Link:
https://tria.ge/reports/201109-e5rd18jkwj/
Behaviour
Suspicious use of WriteProcessMemory
Loads dropped DLL
Blacklisted process makes network request
Danabot
Danabot x86 payload
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_danabot_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

Executable exe 3d5123637475c690e7758a6848a881fa7f16616f520fe06a53f99895355ed21b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/367844/
  
Delivery method
Distributed via web download

Comments