MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 69f4f29d3eb2f05d7b7f4f736375765b7ed97d0948460adb95ad134b1f54a880. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



DanaBot


Vendor detections: 9



SHA256 hash: 69f4f29d3eb2f05d7b7f4f736375765b7ed97d0948460adb95ad134b1f54a880
SHA3-384 hash: 82a659a506932d838b7382305660f56e885ce55f98b9a4d30775f6055f0d3bddb751916c9b1dc54f5216a9972ca26fe7
SHA1 hash: cdbf1cd7314bc72d57cf80730bf6d3f4fce4abb8
MD5 hash: 696ef0c957205145ceda80bc210e91a0
humanhash: stairway-alaska-aspen-alaska
File name: 696ef0c957205145ceda80bc210e91a0
Signature DanaBot
File size: 1'111'552 bytes
First seen: 2022-03-04 22:20:42 UTC
Last seen: 2022-03-04 23:41:33 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash f6621422cf56fb08a3e0309a34ab8e25 (3 x DanaBot, 1 x Smoke Loader)
ssdeep 24576:QwFi9DFt53Oixuqlg9XFy8rv8OL+x9NChxIqU:N8Tbk48b8OLYgx3U
Threatray 9'834 similar samples on MalwareBazaar
TLSH T1A735232376A0D072C91D087D4510C6EDAA77B8F3BB3699476690263F0F726D2DEA530E
dhash icon 38b078cccacccc43 (123 x Smoke Loader, 83 x Stop, 63 x RedLineStealer)
Reporter zbetcheckin
Tags: 32 DanaBot exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 599
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Creating a window
Launching a process
Sending an HTTP GET request
Creating a file in the %temp% directory
Creating synchronization primitives
Unauthorized injection to a system process
Sending a TCP request to an infection source
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Behaviour
MeasuringTime
SystemUptime
EvasionQueryPerformanceCounter
EvasionGetTickCount
CheckCmdLine
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
DanaBot
Detection:
malicious
Classification:
troj
Score:
45 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected DanaBot stealer dll
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Azorult
Status:
Malicious
First seen:
2022-03-04 22:21:14 UTC
File Type:
PE (Exe)
Extracted files:
14
AV detection:
23 of 27 (85.19%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  10/10
Tags:
suricata
Behaviour
Checks processor information in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Suspicious use of SetThreadContext
Blocklisted process makes network request
suricata: ET MALWARE Danabot Key Exchange Request
Unpacked files
SHA256 hash:
e37dded0a23512e2712c1e931a2192805023e83c33418eb7d1a860da9e5a93d4
MD5 hash:
d9670f2a594357671940dc7157936551
SHA1 hash:
0e5af9d2c689cd50acdb0043ef1594cfbb0455ab
SHA256 hash:
69f4f29d3eb2f05d7b7f4f736375765b7ed97d0948460adb95ad134b1f54a880
MD5 hash:
696ef0c957205145ceda80bc210e91a0
SHA1 hash:
cdbf1cd7314bc72d57cf80730bf6d3f4fce4abb8
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

Executable exe 69f4f29d3eb2f05d7b7f4f736375765b7ed97d0948460adb95ad134b1f54a880

(this sample)

  
Delivery method
Distributed via web download

Comments



zbet commented on 2022-03-04 22:20:44 UTC

url : hxxp://23.106.122.198/accid5db.exe