MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 44c7ef261a066790a4ce332afc634fb5f89f3273c0c908ec02ab666088b27757. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DanaBot


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 44c7ef261a066790a4ce332afc634fb5f89f3273c0c908ec02ab666088b27757
SHA3-384 hash: 32232aed6a5674b7187ddbbe2def3ce24fa65df9f22d549e7a211c00ce87d64b6bf6f54b662262df9eefbe113a0e195a
SHA1 hash: b318e14538859a905721a9c99a8de62db9dada19
MD5 hash: 20efcaba068e7a3cfbf8fca4b4badb61
humanhash: october-black-snake-quebec
File name:regsrtjser346(2).exe_
Download: download sample
Signature DanaBot
Create hunting rule
File size:1'212'525 bytes
First seen:2020-03-17 18:49:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4cfda23baf1e2e983ddfeca47a5c755a (32 x RedLineStealer, 6 x Dridex, 5 x NetSupport)
ssdeep 24576:t20gPgFKB1IVZQLvA5QxAVBbIcXK8QrZRpnnSqQGOrQIfTEwy+3MJk2ugX5W:EKg1IVZQTrxAjIE9QpSqQVrfZ73MTugc
Threatray 16 similar samples on MalwareBazaar
TLSH 554501433581C27DE8672870D95DA9F2A670BC39D512A04FB3E53E2977B0B62C606F53
Reporter oppimaniac
Tags:DanaBot exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
710
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Stealer.24943.1502.UNOFFICIAL
Create hunting rule

Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/335160
Behaviour
Behavior Graph:
n/a
Gathering data
Threat name:
Win32.Trojan.Danabot
Create hunting rule
Status:
Malicious
First seen:
2020-03-16 18:04:28 UTC
AV detection:
23 of 30 (76.67%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
32031ca4487b08af41a597da7d22c05a3d4f676c33119c057f3f4a1431217887
DanaBot
3c6d1adb8c659c6608e4fa44fe880adb352bd9e8491430b4f559604fd412e181
DanaBot
4bf2f4dd9ecaa28ecebae186a118cf66f8fce7ee8790351ca7224516ff47010e
DanaBot
504eb3ba676729d316c8f6639ae45b0be030124e0c3007e9edade3b57b49e708
DanaBot
5d65fcb03519e2de623db04685570406c586ee4d121c9381910932cf2e1bd344
DanaBot
649be52b6b0d362efcfc6f1dd79a6b8fbcf85eb2b68f0138f87b6e1cc7e5a418
DanaBot
c2d9409c2209201334bd83a2e1257be8adc7506019a721abe359249dbd74eced
DanaBot
c58594d414c882ce33499233c2f508789e5fa4d91b79ef01d763012e39d7b095
DanaBot
d0198b775182eab3ed405bd0d946006ec8616b61083e643200d1d34fe8cae2f3
DanaBot
da19555286a99fed6a4a84c0c4b76e793618299f6d4cc2fe31373ddc033d8dcc
DanaBot
+ 6 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/44c7ef261a066790a4ce332afc634fb5f89f3273c0c908ec02ab666088b27757

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

Executable exe 44c7ef261a066790a4ce332afc634fb5f89f3273c0c908ec02ab666088b27757

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/325698/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
COM_BASE_APICan Download & Execute componentsole32.dll::CoCreateInstance
ole32.dll::CreateStreamOnHGlobal
SECURITY_BASE_APIUses Security Base APIADVAPI32.dll::AdjustTokenPrivileges
ADVAPI32.dll::SetFileSecurityW
SHELL_APIManipulates System ShellSHELL32.dll::ShellExecuteExW
SHELL32.dll::SHFileOperationW
SHELL32.dll::SHGetFileInfoW
WIN32_PROCESS_APICan Create Process and ThreadsADVAPI32.dll::OpenProcessToken
KERNEL32.dll::CloseHandle
KERNEL32.dll::CreateThread
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::LoadLibraryA
KERNEL32.dll::GetStartupInfoA
KERNEL32.dll::GetCommandLineW
KERNEL32.dll::GetCommandLineA
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::WriteConsoleA
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleOutputCP
KERNEL32.dll::GetConsoleMode
KERNEL32.dll::GetConsoleCP
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateDirectoryW
KERNEL32.dll::CreateHardLinkW
KERNEL32.dll::CreateFileMappingW
KERNEL32.dll::CreateFileW
KERNEL32.dll::CreateFileA
KERNEL32.dll::DeleteFileW
WIN_BASE_USER_APIRetrieves Account InformationADVAPI32.dll::LookupPrivilegeValueW
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegCreateKeyExW
ADVAPI32.dll::RegOpenKeyExW
ADVAPI32.dll::RegQueryValueExW
ADVAPI32.dll::RegSetValueExW
WIN_USER_APIPerforms GUI ActionsUSER32.dll::FindWindowExW
USER32.dll::PeekMessageW
USER32.dll::CreateWindowExW

Comments