MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 637d8c2a652b364d37a2d184e9e04ad252353370c9c1cb987410e6030dbdd5ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DanaBot


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 637d8c2a652b364d37a2d184e9e04ad252353370c9c1cb987410e6030dbdd5ae
SHA3-384 hash: cd1bcb5addf7557a20f458a6a0c280852e5b6916510c8b3d7328506c5b38927fe8ed146dd02c108d5d49913fbeb388f3
SHA1 hash: 85e269e644076c4c6577f2a8d847c3ca74d11147
MD5 hash: ddde0c7bd614d95d6cec4d2ff4837556
humanhash: mississippi-fruit-magazine-florida
File name:ddde0c7bd614d95d6cec4d2ff4837556
Download: download sample
Signature DanaBot
Create hunting rule
File size:1'066'496 bytes
First seen:2021-09-23 12:36:29 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f7987bf55fcab080da60dcb9686a7f63 (9 x RedLineStealer, 3 x RaccoonStealer, 2 x Tofsee)
ssdeep 12288:HRI45SISBdX1vSsPFlDFiJvE0lXWN7wGaR8+trQRVh4M6iEEfRQJrzGy9vt81SYv:x3Ad3lBPPFigFEFrQRVh2iE6QlVi1d
Threatray 5'654 similar samples on MalwareBazaar
TLSH T14835238215F1C037F6272EF0CDF5D1988AFEB863A4B5586A37C526A64F613C1D9A8313
File icon (PE):PE icon
dhash icon 1072c293b0381906 (17 x RedLineStealer, 5 x Stop, 4 x DanaBot)
Reporter zbetcheckin
Tags:32 DanaBot exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
260
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
ddde0c7bd614d95d6cec4d2ff4837556
Verdict:
Malicious activity
Analysis date:
2021-09-23 12:37:20 UTC
Tags:
trojan danabot
Link:
https://app.any.run/tasks/cfc178e0-78c8-4832-a793-5dce29d852d6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
DanaBot
Create hunting rule
Link:
https://www.capesandbox.com/analysis/190744/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware2.28491.15089.UNOFFICIAL
Create hunting rule

Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/5890df90-d559-48e8-a8ee-801bfc8f6523
Result
Threat name:
DanaBot
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/856766
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected DanaBot stealer dll
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/637d8c2a652b364d37a2d184e9e04ad252353370c9c1cb987410e6030dbdd5ae/
Threat name:
Win32.Trojan.Racealer
Create hunting rule
Status:
Malicious
First seen:
2021-09-23 12:37:09 UTC
AV detection:
18 of 28 (64.29%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0fa94fb3399528ee6652f3852baac8c399f267ed82ff74730881400494477a83
DanaBot
247b4e32c0a8a4d4dea1362f22fa214ef5ce234ffba6d34cba720c6b71da61ec
DanaBot
37959fd0b7360fc0aedb35ac28e39aa474e3b36ed4972f600b5db47da19d0bf8
DanaBot
4b735599ef5aac480c58627f4b72af26cfe4b66c9a62ffd93998314ce27e9586
DanaBot
5c3162c36576b287b91705301199e60485f31ab98b4bd11e8ed4445b8131cf08
DanaBot
9c1060f235f5c568ca7461ead6d60926d416d18451b755efd3ab1465681e9d80
DanaBot
ae6ec966a4d2912897da41c2e20296c0cc2ac5b30fd57ee20420bd7212e98042
DanaBot
c70d30eabc072c72aa4c934ec92ea25b0e75c53a006b510e35ad1aefe0892912
DanaBot
cb2244f51a480169293e39a16b104aa14e98543b17b76b3ab5a16640d48d29cc
DanaBot
d37a741c4abb937ef11a2b0536a641db1b50859be5310eb8781bf18bbdd9b9bd
DanaBot
+ 5'644 additional samples on MalwareBazaar
Gathering data
Unpacked files
SH256 hash:
680d96391fcd6b5b085fc389da9a933d2cf41a8bf9c71c4c711ccf660b8f94e2
MD5 hash:
baf2a8eb922dc82fa691ebb99786d4d3
SHA1 hash:
9bb5b28df8a7ad9b40bb6aeb1db53ad0315639f3
Link:
https://www.unpac.me/results/12c8d2c1-6ab3-4cc6-a888-32950760629f/
SH256 hash:
1e3d23f51d645491ee1b9d0330e7e518d5f2e8fb1d43fd85b2cce890a5f7420f
MD5 hash:
76a1c75e53720bc07add51d432b0abba
SHA1 hash:
edc4c9cb04aa23313c9bcba65924d9f312518948
Link:
https://www.unpac.me/results/12c8d2c1-6ab3-4cc6-a888-32950760629f/
SH256 hash:
637d8c2a652b364d37a2d184e9e04ad252353370c9c1cb987410e6030dbdd5ae
MD5 hash:
ddde0c7bd614d95d6cec4d2ff4837556
SHA1 hash:
85e269e644076c4c6577f2a8d847c3ca74d11147
Link:
https://www.unpac.me/results/12c8d2c1-6ab3-4cc6-a888-32950760629f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/637d8c2a652b364d37a2d184e9e04ad252353370c9c1cb987410e6030dbdd5ae

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

Executable exe 637d8c2a652b364d37a2d184e9e04ad252353370c9c1cb987410e6030dbdd5ae

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1640832/
  
URLhaus
https://urlhaus.abuse.ch/url/1640605/
Cape
Cape
https://www.capesandbox.com/analysis/190744/

Comments


Avatar
zbet commented on 2021-09-23 12:36:30 UTC

url : hxxp://78.142.29.121/root.exe