MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c424763e88a9f0ee8530e7eaa81d58f758d87d8dbb46457182bcefb4e8f703c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DanaBot


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5c424763e88a9f0ee8530e7eaa81d58f758d87d8dbb46457182bcefb4e8f703c
SHA3-384 hash: 93a454922270c0db00a0df81c1c4e0b878da3e3fe5fc309f46be0b88bbc39ba07ed1047830e477c34443776ffea6d40a
SHA1 hash: 4664a997323daac5e9772fce67e8194e262202fb
MD5 hash: 0a227a6e2c86d6cb7dab2e46b9549af0
humanhash: sixteen-robert-xray-minnesota
File name:0a227a6e2c86d6cb7dab2e46b9549af0.dll
Download: download sample
Signature DanaBot
Create hunting rule
File size:1'945'600 bytes
First seen:2021-11-29 19:19:05 UTC
Last seen:2021-11-29 20:39:22 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 2aba7c4b8dab457cf3783773a69d6c13 (1 x DanaBot)
ssdeep 49152:dQU1aLhQhG5NUAgoOa8nBc0SmmdWwMLwktw4BWe3qfn8+nFFQCxEsJwKQo:dfaNQh+NUABO/c0Y9AdT3qf8+gqJW
Threatray 7'758 similar samples on MalwareBazaar
TLSH T117958C51B602E726D6A86CB8FC00C5EF14F0BD49FE44D267F6C17F9FA932241A82519B
Reporter abuse_ch
Tags:DanaBot dll

Intelligence

File Origin
# of uploads :
2
# of downloads :
452
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Panda.13752.3094.336.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware
Link:
https://www.filescan.io/uploads/61a527e5bbfd2af97cbaa2a2/reports/10d15556-db2b-40cd-b1eb-61b5389e0c9c/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1b0b6bb2-ede8-452a-b284-66953304b69d
Result
Threat name:
DanaBot
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/898195
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected DanaBot stealer dll
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 530676 Sample: oX9UlQRaDf.dll Startdate: 29/11/2021 Architecture: WINDOWS Score: 76 23 Found malware configuration 2->23 25 Multi AV Scanner detection for submitted file 2->25 27 Yara detected DanaBot stealer dll 2->27 29 C2 URLs / IPs found in malware configuration 2->29 7 loaddll32.exe 2 2->7         started        process3 process4 9 rundll32.exe 1 7->9         started        12 rundll32.exe 1 7->12         started        15 cmd.exe 1 7->15         started        17 rundll32.exe 1 7->17         started        dnsIp5 31 System process connects to network (likely due to code injection or exploit) 9->31 21 185.117.90.36, 443, 49765, 49766 HZ-NL-ASGB Netherlands 12->21 19 rundll32.exe 1 15->19         started        signatures6 process7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5c424763e88a9f0ee8530e7eaa81d58f758d87d8dbb46457182bcefb4e8f703c/
Threat name:
Win32.Trojan.DanaBot
Create hunting rule
Status:
Malicious
First seen:
2021-11-29 02:34:50 UTC
File Type:
PE (Dll)
AV detection:
25 of 28 (89.29%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lrbeoy7irkpq52ctbz7kvaovr52y3b6y3o2givyyfphpwtupoa6a._file
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
107457df68604ea8accd379b9813bcbc9dd309d5db70858ceb4437537847007a
DanaBot
4ac64284bb256e7f69aff04d4a1abfee2bc39760314a641c6f58f87e7ebf68ea
DanaBot
8deb1074630e73bb34613f969b1424c5ab6d1ac09064f1eb4800f72c09fd0a11
DanaBot
cfcfe2a6f304ec880209f8b7a20ab8f58010dfbfbb13b8be419db3018f61d6cb
DanaBot
d25a0431bbf834e845cd7dea3fab2c09b0d116ccd2aa7f58f21ffb7ad81fb470
DanaBot
dc4ba92f484bcdc6da82f4ae45a57b87911907034dd85d8853a74511741311db
DanaBot
df8084af9861ef3e67f7402ff047cb2cd9d21ed270caad41a6aa2888024e1488
DanaBot
+ 7'748 additional samples on MalwareBazaar
Result
Malware family:
danabot
Create hunting rule
Score:
  10/10
Tags:
family:danabot banker trojan
Link:
https://tria.ge/reports/211129-x14m5scfbr/
Behaviour
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
Danabot
Danabot Loader Component
Malware Config
C2 Extraction:
185.117.90.36:443
193.42.36.59:443
193.56.146.53:443
185.106.123.228:443
Unpacked files
SH256 hash:
8bcd9538bd8e73740c0ecbaf004b33215cd015461585e15841f9951c0360a738
MD5 hash:
360e74a248ffd75051cdd76863bca0aa
SHA1 hash:
13fc535345e62a6843b3593a31f3b87a7e95a295
Link:
https://www.unpac.me/results/35879440-a74f-4748-b33a-0f55a208504d/
SH256 hash:
5c424763e88a9f0ee8530e7eaa81d58f758d87d8dbb46457182bcefb4e8f703c
MD5 hash:
0a227a6e2c86d6cb7dab2e46b9549af0
SHA1 hash:
4664a997323daac5e9772fce67e8194e262202fb
Link:
https://www.unpac.me/results/35879440-a74f-4748-b33a-0f55a208504d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5c424763e88a9f0ee8530e7eaa81d58f758d87d8dbb46457182bcefb4e8f703c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

DLL dll 5c424763e88a9f0ee8530e7eaa81d58f758d87d8dbb46457182bcefb4e8f703c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1752281/
  
Delivery method
Distributed via web download

Comments