MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 711d37b4962ad4756eadd8b899c296cd7d43326f0d70f35854b7955439fa8c3b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DanaBot

Vendor detections: 13



SHA256 hash: 711d37b4962ad4756eadd8b899c296cd7d43326f0d70f35854b7955439fa8c3b
SHA3-384 hash: a68c15c704ee8e0f7f367ef333533cc559552a1791801910b170439ec8a4127515f146f4f5b12a8525026ef44ddcc367
SHA1 hash: 89a37a9b35c1b085f405b002729294631adbaf96
MD5 hash: 7359f40e1100c0c800bc84977512e8f4
humanhash: west-oklahoma-quebec-green
File name: 7359f40e1100c0c800bc84977512e8f4.exe
Signature: DanaBot
File size: 6'377'984 bytes
First seen: 2022-10-28 09:31:47 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ff6659a3b7adcc9d3b718a91e331c2a9 (4 x Smoke Loader, 3 x RedLineStealer, 3 x Amadey)
ssdeep: 98304:wIE4h3G2236vWMezwC7j0D4/zeq/YP9g2Clrx9/qXlcwpA4qd/R3f8yAg5DsVgm2:jJ2hpUxkq3PGPzyxGRkitsV2wh0KZ
Threatray: 196 similar samples on MalwareBazaar
TLSH: T17A563307294210BDE1B604316079D6E867BE56C2AF3BC5773A0E5F5A4BF02CA3B5A70D
TrID 40.3% (.EXE) Win64 Executable (generic) (10523/12/4)
19.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
17.2% (.EXE) Win32 Executable (generic) (4505/5/1)
7.7% (.EXE) OS/2 Executable (generic) (2029/13)
7.6% (.EXE) Generic Win/DOS Executable (2002/3)
dhash icon: 480c1c4c4f590f14 (27 x Smoke Loader, 12 x Tofsee, 8 x RedLineStealer)
Reporter: abuse_ch
Tags: DanaBot exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 299
Origin country: n/a

Vendor Threat Intelligence
Malware family: danabot
ID: 1
File name: 7359f40e1100c0c800bc84977512e8f4.exe
Verdict: Malicious activity
Analysis date: 2022-10-28 09:36:34 UTC
Tags: danabot

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% directory
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Creating synchronization primitives
Launching a process
Creating a process with a hidden window
Creating a window

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 68 / 100
Signature
Antivirus detection for dropped file
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Threat name: Win32.Trojan.MintZard
Status: Malicious
First seen: 2022-10-27 22:27:12 UTC
File Type: PE (Exe)
Extracted files: 22
AV detection: 23 of 26 (88.46%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Checks processor information in registry
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Suspicious use of SetThreadContext
Checks computer location settings
Loads dropped DLL
Blocklisted process makes network request
Verdict: Suspicious
Tags: n/a
YARA: n/a
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: pdb_YARAify
Author: @wowabiy314
Description: PDB
Rule name: Windows_Trojan_Smokeloader_3687686f
Author: Elastic Security

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot: Executable exe 711d37b4962ad4756eadd8b899c296cd7d43326f0d70f35854b7955439fa8c3b (this sample)

Delivery method: Distributed via web download

Comments