MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 745ae9caf8a38023905ad52a4e81d085cef62fc4a14aacf2536c9e54cd1845f8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DanaBot


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 745ae9caf8a38023905ad52a4e81d085cef62fc4a14aacf2536c9e54cd1845f8
SHA3-384 hash: 9cd65b9b92b23ecf9ad98f36d9ac7161cd0c96cd9a3df386e95bebfd071696593ca95e0926935282f582d0e11502cf18
SHA1 hash: 8294c8a81684a35a9a8e155788c2ccabad8b657c
MD5 hash: 592b072b05d4144f9e5242c8e9a1c88c
humanhash: william-pip-iowa-nitrogen
File name:592b072b05d4144f9e5242c8e9a1c88c.exe
Download: download sample
Signature DanaBot
Create hunting rule
File size:1'162'752 bytes
First seen:2021-07-29 08:39:29 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ebe339f33228ec9cb9963341e6449ca2 (3 x RaccoonStealer, 1 x DanaBot, 1 x ArkeiStealer)
ssdeep 24576:vv2NFRfdDf+CRwEHhjLsWLcOeb9oQvU7/9EJojbfH0vZEr:mRf+Cy65My/KeHYu
Threatray 3'055 similar samples on MalwareBazaar
TLSH T16A351230BA60D03AE47362F846BA936CA42C7EA16B3451CF53D626DD17346E9DC3178B
dhash icon ead8ac9cc6e68ea0 (38 x RaccoonStealer, 18 x RedLineStealer, 12 x Smoke Loader)
Reporter abuse_ch
Tags:DanaBot exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
187
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
610203_Voicemod-Pro-21.zip
Verdict:
Malicious activity
Analysis date:
2021-07-29 01:25:10 UTC
Tags:
evasion trojan loader stealer kelihos rat redline autoit raccoon vidar phishing
Link:
https://app.any.run/tasks/d69a2e06-1a7c-4b0a-b06f-4f4a199b4ab3

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/174932/
Detection(s):
Win.Packed.Generic-9882246-0
Create hunting rule

Win.Packed.Filerepmalware-9882257-0
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/7a1bd779-7c95-43b7-a42f-d60419c4f402
Result
Threat name:
DanaBot
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/823706
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected DanaBot stealer dll
Behaviour
Behavior Graph:
Download SVG
Gathering data
Threat name:
Win32.Trojan.Azorult
Create hunting rule
Status:
Malicious
First seen:
2021-07-28 23:39:18 UTC
AV detection:
13 of 28 (46.43%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ornotsxyuoachec22uve5aoqqxhpml6euffkz4stnspfjtiyix4a._file
Verdict:
unknown
Similar samples:
09dc7dc14936ed8794d78cdb6eddc7f3776cba90b3942c2fa1ff7bdf329956cc
DanaBot
173240b443fdb5cc7ed97cf6eedeb0d823924df3dab6d468c9da2898443f3ac6
DanaBot
2a9f52262587cf8fb41fffc7b9ae236cbe5f0f5c072f5c2bd70b13d04a564a32
DanaBot
2fbf6c5454bb88073ecbc13b293375ec58a9f8636c188881ffd7a3573f3c1cac
DanaBot
50575798954fd5dff1f376d1597a3d0ff52f51789c5ae98b48957590b540bcce
DanaBot
69fac4fe77b6da550498724f01e6db66d5c18a19c185d824bf62afdaccb0a7d6
DanaBot
8f71fca5621ccb7ba3558cfebc17014d27923d1c73ad97ececb577fd5b937047
DanaBot
8fa3eaa46c7d8d1f44a2eeca895f802f2aa7a2251bab347ccb765c72d63ccb58
DanaBot
d81e62102d9b748aaabf4f06bf0c09a66dfaaac7836374016a5f076b6f7ed418
DanaBot
dab48eb20191f37e19aed12dc58640ab40957cec26dc3fa63a88f70decbd875c
DanaBot
+ 3'045 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210729-b8xz269lls/
Behaviour
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Loads dropped DLL
Blocklisted process makes network request
Unpacked files
SH256 hash:
61c58ac85bba0a9602d20b908dfb954743e48358e8e9b28037cda2771918025d
MD5 hash:
cd5044245235a5945e8bf1aad2a4f930
SHA1 hash:
3f00bab9e9f5eb6780f580270f379730bab5ad5e
Link:
https://www.unpac.me/results/57fce476-0940-4a6d-8499-e6a09e3d7da1/
SH256 hash:
078feb92cdddc0a07524df533840ec798a66069c92af363a4f32986a1a75ef53
MD5 hash:
11092c3a39d11a930e5d8933089c4144
SHA1 hash:
47a14ac342418bc42b78341f2161304a56c566f7
Link:
https://www.unpac.me/results/57fce476-0940-4a6d-8499-e6a09e3d7da1/
SH256 hash:
745ae9caf8a38023905ad52a4e81d085cef62fc4a14aacf2536c9e54cd1845f8
MD5 hash:
592b072b05d4144f9e5242c8e9a1c88c
SHA1 hash:
8294c8a81684a35a9a8e155788c2ccabad8b657c
Link:
https://www.unpac.me/results/57fce476-0940-4a6d-8499-e6a09e3d7da1/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/745ae9caf8a38023905ad52a4e81d085cef62fc4a14aacf2536c9e54cd1845f8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

Executable exe 745ae9caf8a38023905ad52a4e81d085cef62fc4a14aacf2536c9e54cd1845f8

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/174932/
  
URLhaus
https://urlhaus.abuse.ch/url/1461110/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1467030/

Comments