MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 73e761de4a8be29d7dc04e48a47f417917cf2f37a27dfb9db45069d4ccb66cec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DanaBot


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 73e761de4a8be29d7dc04e48a47f417917cf2f37a27dfb9db45069d4ccb66cec
SHA3-384 hash: 00f1df6d54b8d6517f314c1091e354537e5aa31f55d8843c9642b179482bdb9e7ec3155cafa7160947b527d282a9bd3f
SHA1 hash: 60751d59e2bfb960a37ad3877f74ca47be135a76
MD5 hash: d31ea57359444cbd1c944e906e7ae813
humanhash: muppet-hamper-lima-oklahoma
File name:d31ea57359444cbd1c944e906e7ae813.exe
Download: download sample
Signature DanaBot
Create hunting rule
File size:1'205'248 bytes
First seen:2021-09-25 06:55:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash efb815d76c298dec768e3e4b14d60fd3 (10 x RedLineStealer, 2 x Stop, 1 x Smoke Loader)
ssdeep 24576:Hfy1/eDZpqs3J+XuHb1int+8bcyLiIB5A7sjciACW+PQf:8Wt+MJint+83iIjA8bW+Yf
Threatray 5'621 similar samples on MalwareBazaar
TLSH T1E145232176E0C030FAB726FA99B483797A1D7E70AB7885C763D60AEA56745E0DC30353
File icon (PE):PE icon
dhash icon ead8ac9cc6a68ee0 (93 x RedLineStealer, 50 x RaccoonStealer, 15 x Smoke Loader)
Reporter abuse_ch
Tags:DanaBot exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
268
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
d31ea57359444cbd1c944e906e7ae813.exe
Verdict:
Malicious activity
Analysis date:
2021-09-25 07:02:20 UTC
Tags:
trojan danabot
Link:
https://app.any.run/tasks/dab93b49-3df5-4e3f-ab92-14df56f7b75e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/191337/
Detection(s):
Win.Packed.Generic-9896112-0
Create hunting rule

Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/205d690f-134a-4585-a7ee-8c5896e7c70b
Result
Threat name:
DanaBot
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/857789
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected DanaBot stealer dll
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/73e761de4a8be29d7dc04e48a47f417917cf2f37a27dfb9db45069d4ccb66cec/
Threat name:
Win32.Trojan.Glupteba
Create hunting rule
Status:
Malicious
First seen:
2021-09-24 09:08:23 UTC
AV detection:
19 of 28 (67.86%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
002fc4fa3de071983f37c2d4c81d2eae2ea27351c59193ba79451b2674718643
DanaBot
0cbc99017336a7e835494b822f84821254a78b0ae7dea476ed98bca861b1936b
DanaBot
2e4bb0047b59d9a3e77d0543ac0acac8777e03c354dc5e0e94ab19c74c06f179
DanaBot
637d8c2a652b364d37a2d184e9e04ad252353370c9c1cb987410e6030dbdd5ae
DanaBot
867317f0875ba0635d62393278994b110ea94179d6e736fa7891a83983822143
DanaBot
889e79039dd2255f30d5e5244306b2b3c7108a4696478a4aeb6c9f3cc792b543
DanaBot
8f71fca5621ccb7ba3558cfebc17014d27923d1c73ad97ececb577fd5b937047
DanaBot
99df8e49e514931ebc8df66ca8fe265f80b2f9c09ce7b3e00a998c7db941a3c3
DanaBot
a98b37b337927ef6cea8a053a4ea676646de4dfbf6ce9619593246a1ecc362b6
DanaBot
f66a32559056cd11d34d31ac48a4488de144daa4825d7292e85436601a177434
DanaBot
+ 5'611 additional samples on MalwareBazaar
Result
Malware family:
danabot
Create hunting rule
Score:
  10/10
Tags:
family:danabot banker trojan
Link:
https://tria.ge/reports/210925-hqgcjaafd4/
Behaviour
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Loads dropped DLL
Blocklisted process makes network request
Danabot
Danabot Loader Component
Malware Config
C2 Extraction:
23.254.144.209:443
192.236.194.86:443
142.11.192.232:443
Unpacked files
SH256 hash:
572a33c0b03bec586c9156b77d1e797d12871e4811b284263135f96fd9d41e64
MD5 hash:
2ea5b17875d94f3cae85202d4a8efa8b
SHA1 hash:
30a25ab4b68367c3bd81ed601e9a30e8330cd5cd
Link:
https://www.unpac.me/results/799c265b-f120-4168-9ef7-3f6ac078cdf0/
SH256 hash:
54fa72365a37e459dea4ff447bc38ce94b6a84efc1f38a65f1bf34553e09a9c9
MD5 hash:
3733b0fb8a5c8d29846812c9d9e318e2
SHA1 hash:
8c67721346d585e1a1024c3b954611e0df48e034
Link:
https://www.unpac.me/results/799c265b-f120-4168-9ef7-3f6ac078cdf0/
SH256 hash:
73e761de4a8be29d7dc04e48a47f417917cf2f37a27dfb9db45069d4ccb66cec
MD5 hash:
d31ea57359444cbd1c944e906e7ae813
SHA1 hash:
60751d59e2bfb960a37ad3877f74ca47be135a76
Link:
https://www.unpac.me/results/799c265b-f120-4168-9ef7-3f6ac078cdf0/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/73e761de4a8be29d7dc04e48a47f417917cf2f37a27dfb9db45069d4ccb66cec

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

Executable exe 73e761de4a8be29d7dc04e48a47f417917cf2f37a27dfb9db45069d4ccb66cec

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1641939/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1640605/
Cape
Cape
https://www.capesandbox.com/analysis/191337/

Comments