MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7277ba54308bcc7098ac8be7c268a99edce0dbd0b49536b36acca25ca06b5de6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



DanaBot


Vendor detections: 8



SHA256 hash: 7277ba54308bcc7098ac8be7c268a99edce0dbd0b49536b36acca25ca06b5de6
SHA3-384 hash: 61b1976596c47997f600c8fc95cb471b40ce16f35bb016d1906b5ca78cccdc57290d570155ea666d1a611488f4618c8f
SHA1 hash: fb3b8701c0dfda13f56b9ad71cab59102daed5a9
MD5 hash: 717fbb237f8ec5a350a1f9fe35e8dc5e
humanhash: vermont-sierra-moon-cola
File name: 717fbb237f8ec5a350a1f9fe35e8dc5e.exe
Signature: DanaBot
File size: 1'135'104 bytes
First seen: 2021-07-21 18:06:34 UTC
Last seen: 2021-07-21 19:10:01 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash 266aa3b561e26e3b4d438fb26814163c (1 x DanaBot, 1 x RedLineStealer, 1 x ArkeiStealer)
ssdeep 24576:wDPYAIHIXqX2hBCoLsPdkUrHBlhnjXAEmB+31pFy+L:wDgzI6X2hBubuM31pFL
Threatray 2'751 similar samples on MalwareBazaar
TLSH T19235230136E1E972D591093260F78394AAFFBCA75D789A47A1193AEF3F301C496BC316
dhash icon 48b9b2b0e8c18c90 (18 x RaccoonStealer, 5 x Smoke Loader, 3 x Glupteba)
Reporter: abuse_ch
Tags: DanaBot exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 195
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 717fbb237f8ec5a350a1f9fe35e8dc5e.exe
Verdict: Malicious activity
Analysis date: 2021-07-21 18:13:55 UTC
Tags: trojan danabot

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Generic Malware
Verdict: Malicious
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 84 / 100
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Threat name: Win32.Trojan.Bingoml
Status: Malicious
First seen: 2021-07-21 04:18:37 UTC
AV detection: 19 of 28 (67.86%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Loads dropped DLL
Blocklisted process makes network request
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

Executable exe 7277ba54308bcc7098ac8be7c268a99edce0dbd0b49536b36acca25ca06b5de6

(this sample)

  
Delivery method: Distributed via web download
