MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6af445508c18363e0031247cff75ed2a98c7565b22fce9621fba2c32e501fea9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DanaBot


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6af445508c18363e0031247cff75ed2a98c7565b22fce9621fba2c32e501fea9
SHA3-384 hash: 2b0656ffd11b831a8a5c8413b89aee427e90663e427de3b668682083a3e4ffd639cb0234722c8f0dbfccfb8cf98546fa
SHA1 hash: 3f90769914529d3cd466d5520893a86f40cea08d
MD5 hash: 043633501a5f0b27142047a055ebbbbd
humanhash: blossom-ceiling-april-arizona
File name:043633501a5f0b27142047a055ebbbbd.exe
Download: download sample
Signature DanaBot
Create hunting rule
File size:1'146'368 bytes
First seen:2021-07-22 15:42:24 UTC
Last seen:2021-07-22 16:52:02 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d1928a342020b866506f1f9f22fa697b (1 x Loki, 1 x DanaBot)
ssdeep 24576:jb1oQCC/KB/ns4KdNYeN8N1w3jVfFHnxRsNqaNOyTn+Lz:k8KodNk1mjVfNnxR5uOgn+3
Threatray 2'785 similar samples on MalwareBazaar
TLSH T13635238072C1D537D19509B644D3D2A52F6FBC5AAE9C8903AE44B3CF6E312C291EEF46
dhash icon 48b9b2b0e8c18c90 (18 x RaccoonStealer, 5 x Smoke Loader, 3 x Glupteba)
Reporter abuse_ch
Tags:DanaBot exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
209
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
043633501a5f0b27142047a055ebbbbd.exe
Verdict:
Malicious activity
Analysis date:
2021-07-22 16:00:06 UTC
Tags:
trojan danabot
Link:
https://app.any.run/tasks/261c570a-391d-412f-8e6d-8e339080aa9a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/173373/
Detection(s):
SecuriteInfo.com.Variant.Fugrafa.156647.25995.9810.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d85cd960-e3a2-455a-9f86-cd01d614a2fa
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/820287
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6af445508c18363e0031247cff75ed2a98c7565b22fce9621fba2c32e501fea9/
Threat name:
Win32.Trojan.Racealer
Create hunting rule
Status:
Malicious
First seen:
2021-07-22 14:47:18 UTC
AV detection:
22 of 27 (81.48%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nl2ekuemda3d4abrer6p65pnfkmmovs3el6osyq7xiwdfzib72uq._file
Verdict:
unknown
Similar samples:
09dc7dc14936ed8794d78cdb6eddc7f3776cba90b3942c2fa1ff7bdf329956cc
DanaBot
1033608024fd29faf3d43c466bc7fcfa70eed6c3e907ee57a85ad54cc2853692
DanaBot
173240b443fdb5cc7ed97cf6eedeb0d823924df3dab6d468c9da2898443f3ac6
DanaBot
2fbf6c5454bb88073ecbc13b293375ec58a9f8636c188881ffd7a3573f3c1cac
DanaBot
50575798954fd5dff1f376d1597a3d0ff52f51789c5ae98b48957590b540bcce
DanaBot
69fac4fe77b6da550498724f01e6db66d5c18a19c185d824bf62afdaccb0a7d6
DanaBot
8f71fca5621ccb7ba3558cfebc17014d27923d1c73ad97ececb577fd5b937047
DanaBot
8fa3eaa46c7d8d1f44a2eeca895f802f2aa7a2251bab347ccb765c72d63ccb58
DanaBot
d20393005bd47dc79acbf72c5f032a208c33aebb7f76f7bf01b69218161a1232
DanaBot
dab48eb20191f37e19aed12dc58640ab40957cec26dc3fa63a88f70decbd875c
DanaBot
+ 2'775 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210722-g8phgf11dx/
Behaviour
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Loads dropped DLL
Blocklisted process makes network request
Unpacked files
SH256 hash:
1943321128622c30f2c8a0f49b770f548ca9a6ca59afa9b37d2a2f3e6e808bfb
MD5 hash:
1ddfa72f45fdb4f55b72a787e0e89136
SHA1 hash:
52d160ed64c0f9c9b10cdaf413488e675a0dac4e
Link:
https://www.unpac.me/results/3f275e76-b5f8-4d0b-8fa2-6bf8e28b35cc/
SH256 hash:
8ce3e816b194d8ee88c03825c5c0ba3e07f9a4bd859e5561dbdcead8d452a993
MD5 hash:
a22d46cf3c02d03f65f63f990a623243
SHA1 hash:
193d0d3a7af77997dea114c8188d400a5c299ad9
Link:
https://www.unpac.me/results/3f275e76-b5f8-4d0b-8fa2-6bf8e28b35cc/
SH256 hash:
6af445508c18363e0031247cff75ed2a98c7565b22fce9621fba2c32e501fea9
MD5 hash:
043633501a5f0b27142047a055ebbbbd
SHA1 hash:
3f90769914529d3cd466d5520893a86f40cea08d
Link:
https://www.unpac.me/results/3f275e76-b5f8-4d0b-8fa2-6bf8e28b35cc/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6af445508c18363e0031247cff75ed2a98c7565b22fce9621fba2c32e501fea9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

Executable exe 6af445508c18363e0031247cff75ed2a98c7565b22fce9621fba2c32e501fea9

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1467030/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1461110/
Cape
Cape
https://www.capesandbox.com/analysis/173373/

Comments