MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5013a5b855770c2269a5c8650d7ad15414e59c024bdeca76ac599a3f094507da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DanaBot


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5013a5b855770c2269a5c8650d7ad15414e59c024bdeca76ac599a3f094507da
SHA3-384 hash: 226b2a2e06bc29b695119a0887a38f420750bff41038985b0cab7cc590c0e0e5008534d35ff17888eb9a462cb3d399ff
SHA1 hash: 4ee01e1b2181f98f0c4fa8766ac67590d3ebdedd
MD5 hash: 039af767d7b504afb2bf86f6dfddc594
humanhash: gee-moon-fish-september
File name:039af767d7b504afb2bf86f6dfddc594.exe
Download: download sample
Signature DanaBot
Create hunting rule
File size:1'773'056 bytes
First seen:2021-11-22 13:12:55 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d1bfe1850bd73f3d3b006c3f4b37a341 (7 x RedLineStealer, 1 x Loki, 1 x DanaBot)
ssdeep 49152:Qe9u6+q677jg0PImICLA4ObTwH3RnUdgzO:y6Qc0PyCLA4Obrdf
Threatray 7'411 similar samples on MalwareBazaar
TLSH T19185235677A3C179C9B6EF312B20FA6189FF7837B021114AB794151E2E30AD0ADDE721
File icon (PE):PE icon
dhash icon fcfcb4d4d4d4d8c0 (70 x RedLineStealer, 59 x RaccoonStealer, 24 x Smoke Loader)
Reporter abuse_ch
Tags:DanaBot exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
436
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
039af767d7b504afb2bf86f6dfddc594.exe
Verdict:
Malicious activity
Analysis date:
2021-11-22 13:18:34 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/cfe8b115-0b01-489b-960d-6a2570ff3833

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Gathering data
Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Launching a process
Creating a file
Enabling the 'hidden' option for recently created files
DNS request
Creating a process with a hidden window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/619b9760dd04e7d00e023b3d/reports/c5d017a6-6401-4bbd-a9b3-25575c32253a/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b54cb08d-c57e-4c07-a20c-2c06cd1cb509
Result
Threat name:
DanaBot
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/893836
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected DanaBot stealer dll
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5013a5b855770c2269a5c8650d7ad15414e59c024bdeca76ac599a3f094507da/
Threat name:
Win32.Ransomware.StopCrypt
Create hunting rule
Status:
Malicious
First seen:
2021-11-22 13:13:34 UTC
File Type:
PE (Exe)
Extracted files:
18
AV detection:
23 of 28 (82.14%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
250c1dda429b8b2c8b638ddc80999039267bda7b959d5a854c5f4855601df548
DanaBot
36499f5c573a8752c3b566b19e52f3a235e73e4cdb7123f3452a007c945f7daf
DanaBot
4c10e02c77070c0558030d3e6ae93d73fb02ef21665eab6359f8a1b17fde0b9a
DanaBot
4f4a33f70099855f5f503716515f388da3a5daa1e2fac59ec6c881e89ef7d072
DanaBot
5d7bc178cb3eafae7b2c99b2cfd2ceec87119cf2403f86af87435d4479f36724
DanaBot
7ec78d6c2c919a22185cb0000f2e273d66019b8409a3ca47c819d44cedead22e
DanaBot
8dec5ed95d3ca077bb1c2695074877a7160f97960df22a119d9f2debfb18dc0b
DanaBot
9381faa9dcbde308f4ce87d5dfc36b6a5e8e2a263057ecb2d8f8840061ac2a58
DanaBot
c565ce12f63b1cb897156e0234907a49517439247747cc7df5b69952c1e7ce43
DanaBot
e4938a8244543631ae11deb46e8b4cc3f0a8b8b7c2d4a1246f5bfadb29e0094c
DanaBot
+ 7'401 additional samples on MalwareBazaar
Result
Malware family:
danabot
Create hunting rule
Score:
  10/10
Tags:
family:danabot banker trojan
Link:
https://tria.ge/reports/211122-qf3rsaaee9/
Behaviour
Suspicious use of WriteProcessMemory
Loads dropped DLL
Danabot
Malware Config
C2 Extraction:
142.11.244.223:443
23.106.122.139:443
Unpacked files
SH256 hash:
978c2ba55c0580672add1f1ac85cba1aa1ca217d2eb5bda1f48338562c37e15b
MD5 hash:
612497e421d684c01366afe2b6a820c9
SHA1 hash:
fff2e5e4e607c97c6b192d6e473c1ea79bd03183
Link:
https://www.unpac.me/results/855f4633-3042-4778-b9be-1d14ba506e6b/
SH256 hash:
10f9dc866c6d545e7bb2a8a8ff09338920a7b91b89cde9ac300e1a6f096cf138
MD5 hash:
1ceb7503c1adc04446366bdfda78592b
SHA1 hash:
85a050fcad9bdbd18efcf07d63b06a7f08923cd1
Link:
https://www.unpac.me/results/855f4633-3042-4778-b9be-1d14ba506e6b/
SH256 hash:
5013a5b855770c2269a5c8650d7ad15414e59c024bdeca76ac599a3f094507da
MD5 hash:
039af767d7b504afb2bf86f6dfddc594
SHA1 hash:
4ee01e1b2181f98f0c4fa8766ac67590d3ebdedd
Link:
https://www.unpac.me/results/855f4633-3042-4778-b9be-1d14ba506e6b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5013a5b855770c2269a5c8650d7ad15414e59c024bdeca76ac599a3f094507da

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

Executable exe 5013a5b855770c2269a5c8650d7ad15414e59c024bdeca76ac599a3f094507da

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1772785/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/208164/

Comments