MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 70bee3fa2bf61c13b1e94ab33d6ac070ef107085c10abb28ccb92e5b6449deee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DanaBot

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	70bee3fa2bf61c13b1e94ab33d6ac070ef107085c10abb28ccb92e5b6449deee
SHA3-384 hash:	e3898a72b662a0e9a24c5ef549840f0d38c423ac3e12713c040fdec919773c61fabad956b1b5c9af40c7c9afdff42d1c
SHA1 hash:	8f2904556c18ec2ee11d839af287e40d1eb30a1d
MD5 hash:	fd97fdb20a2238cfd5589bc05e14a80a
humanhash:	angel-fish-gee-butter
File name:	fd97fdb20a2238cfd5589bc05e14a80a.exe
Download:	download sample
Signature	DanaBot Create hunting rule
File size:	1'122'304 bytes
First seen:	2022-04-01 13:24:15 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	0ae6434a5f502e4848fb7a3df766bf78 (1 x RedLineStealer, 1 x DanaBot, 1 x Amadey)
ssdeep	24576:JIFEyZ4RLmi7d2iDxyREReIAlGro/gdRtsi8/PUACBowV53kNWS:JlyU9gSRtAvoDtsi8nUAKnVRI
Threatray	10'521 similar samples on MalwareBazaar
TLSH	T13D351220BA90C031F4B326F499BA57A8AA3E7A716B3091CF22D517ED5A757D5DC3030B
File icon (PE):
dhash icon	b2dacabecee6baa6 (148 x RedLineStealer, 145 x Stop, 100 x Smoke Loader)
Reporter	abuse_ch
Tags:	DanaBot exe

Intelligence

File Origin

# of uploads :

# of downloads :

814

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Variant.Mikey.135937.29427.25205.UNOFFICIAL

Win.Packed.Ransomx-9942692-0

Win.Dropper.Tofsee-9942707-0

Result

Verdict:

Suspicious

Maliciousness:

Behaviour

Searching for synchronization primitives

Launching the default Windows debugger (dwwin.exe)

Creating a window

Launching a process

Sending a custom TCP request

Sending an HTTP GET request

Creating a file in the %temp% directory

Сreating synchronization primitives

Unauthorized injection to a system process

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/12326/overview

Behaviour

MeasuringTime

SystemUptime

CheckCmdLine

EvasionGetTickCount

EvasionQueryPerformanceCounter

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/6246fd399253b276b7c05bee/reports/7447ac07-f4f3-492b-8d31-d6a2c3490ed3/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

DanaBot

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/6868bec2-aa0a-4696-b7d3-935a375ab686

Result

Threat name:

DanaBot

Detection:

malicious

Classification:

troj.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/969151

Signature

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found potential dummy code loops (likely to delay analysis)

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected DanaBot stealer dll

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/70bee3fa2bf61c13b1e94ab33d6ac070ef107085c10abb28ccb92e5b6449deee/

Threat name:

Win32.Trojan.Mikey

Status:

Malicious

First seen:

2022-04-01 13:25:09 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

24 of 42 (57.14%)

Threat level:

5/5

Verdict:

malicious

DanaBot

23229b2ceee2481db7c9e645e849efe08ea77e0a7dff48448d45896f3bd49c0e

DanaBot

26d64a54a7d7c19a0c9c865c6ba67a4bbda227599f1e7d79e08a570637c4ea12

DanaBot

3b9cd0cbd0216c7880e6edbf90c8c98d0800f7a562c3a845559b3375dfa09f8f

DanaBot

4e97c34bc866c9e70fca69b0375d14534d98bccfaae683924a08328c75ab5416

DanaBot

5cf233d7267a011a4e21064d530fc1b6e80f995b22cf86b29e773d13a463a628

DanaBot

6e33bb5afea750c9d310218cf18796b7e1754332684bf92806ccba081bcc5a69

DanaBot

a664d80c5b8a2203288086ed56c42f443622e787beae17677b1504ab524a2795

DanaBot

d884436a17d35656ddeae1a06103d0b787d9f22851fedba571293898f6fd3645

DanaBot

+ 10'511 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/220401-qnyg2agbek/

Behaviour

Suspicious use of WriteProcessMemory

Program crash

Blocklisted process makes network request

Unpacked files

SH256 hash:

a50f4df7c4003cc40d5cd29a6bf42604ac5fa7a49882da5e4a91d0925ea666d7

MD5 hash:

7e696e84b5d1e0af170cdf5452b837e2

SHA1 hash:

6963c9b653d8f6c5be4b9a0bf4dd3c8aec94b963

Link:

https://www.unpac.me/results/b6158c66-9fc4-44f8-a6b8-16ef6501e297/

SH256 hash:

70bee3fa2bf61c13b1e94ab33d6ac070ef107085c10abb28ccb92e5b6449deee

MD5 hash:

fd97fdb20a2238cfd5589bc05e14a80a

SHA1 hash:

8f2904556c18ec2ee11d839af287e40d1eb30a1d

Link:

https://www.unpac.me/results/b6158c66-9fc4-44f8-a6b8-16ef6501e297/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/70bee3fa2bf6/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/70bee3fa2bf61c13b1e94ab33d6ac070ef107085c10abb28ccb92e5b6449deee

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample