MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 76518fd9a8d3fad5d9d294742179b2a19b63625b2f5ea62ce23000ed71a0d3cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DanaBot


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 76518fd9a8d3fad5d9d294742179b2a19b63625b2f5ea62ce23000ed71a0d3cd
SHA3-384 hash: abb5656e9f99249ff6b799ae6212100177976e2887e997b6e77d894ca827be93cf460f3c706dba8dc0c5b6bdf5341839
SHA1 hash: 3b8519fa650467fe08db83dee2dc4dbbf628cf27
MD5 hash: ef87029d6051827fe69f39b74bfb8ddf
humanhash: charlie-nuts-edward-virginia
File name:ef87029d6051827fe69f39b74bfb8ddf.exe
Download: download sample
Signature DanaBot
Create hunting rule
File size:1'236'992 bytes
First seen:2021-10-03 12:32:03 UTC
Last seen:2021-10-03 14:14:18 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 401c37f2bd821b3afe64e4a9a74e43f3 (2 x ArkeiStealer, 2 x RedLineStealer, 1 x TeamBot)
ssdeep 24576:qz9jzoM7MVapyvDLYyIoYswGPCRVae1FcmXQgX331q6fQ9JL6L:qhjRMVapcLYoJwqCRVaeD31tT
Threatray 5'924 similar samples on MalwareBazaar
TLSH T1A44512147151CEF2E6B105F0A716C3E0096DBCEE5E55928E675C376EBE3C3C0862A789
File icon (PE):PE icon
dhash icon fcfcd4f4f4dcd8c0 (1 x Loki, 1 x DanaBot)
Reporter abuse_ch
Tags:DanaBot exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
235
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
ef87029d6051827fe69f39b74bfb8ddf.exe
Verdict:
Malicious activity
Analysis date:
2021-10-03 12:35:02 UTC
Tags:
trojan danabot
Link:
https://app.any.run/tasks/d4ec6ce9-e748-4745-8b8e-082b0cba23b1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
DanaBot
Create hunting rule
Link:
https://www.capesandbox.com/analysis/194350/
Detection(s):
SecuriteInfo.com.Variant.Fragtor.27875.11790.20832.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Enabling the 'hidden' option for recently created files
Launching a process
Creating a process with a hidden window
Creating a window
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f6e3a240-938d-47e4-b593-a0695feba6d7
Result
Threat name:
DanaBot
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/863426
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected DanaBot stealer dll
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/76518fd9a8d3fad5d9d294742179b2a19b63625b2f5ea62ce23000ed71a0d3cd/
Threat name:
Win32.Trojan.Fragtor
Create hunting rule
Status:
Malicious
First seen:
2021-10-03 12:33:13 UTC
AV detection:
24 of 45 (53.33%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
002fc4fa3de071983f37c2d4c81d2eae2ea27351c59193ba79451b2674718643
DanaBot
0cbc99017336a7e835494b822f84821254a78b0ae7dea476ed98bca861b1936b
DanaBot
0fa94fb3399528ee6652f3852baac8c399f267ed82ff74730881400494477a83
DanaBot
2e4bb0047b59d9a3e77d0543ac0acac8777e03c354dc5e0e94ab19c74c06f179
DanaBot
4b735599ef5aac480c58627f4b72af26cfe4b66c9a62ffd93998314ce27e9586
DanaBot
637d8c2a652b364d37a2d184e9e04ad252353370c9c1cb987410e6030dbdd5ae
DanaBot
889e79039dd2255f30d5e5244306b2b3c7108a4696478a4aeb6c9f3cc792b543
DanaBot
99df8e49e514931ebc8df66ca8fe265f80b2f9c09ce7b3e00a998c7db941a3c3
DanaBot
9c1060f235f5c568ca7461ead6d60926d416d18451b755efd3ab1465681e9d80
DanaBot
f66a32559056cd11d34d31ac48a4488de144daa4825d7292e85436601a177434
DanaBot
+ 5'914 additional samples on MalwareBazaar
Result
Malware family:
danabot
Create hunting rule
Score:
  10/10
Tags:
family:danabot banker trojan
Link:
https://tria.ge/reports/211003-pqmmwafdd5/
Behaviour
Suspicious use of WriteProcessMemory
Loads dropped DLL
Blocklisted process makes network request
Danabot
Danabot Loader Component
Malware Config
C2 Extraction:
142.11.192.232:443
192.119.110.73:443
142.11.242.31:443
192.210.222.88:443
Unpacked files
SH256 hash:
2100cd9f7211fc2f4586000ff6339d6204581c49b460d5101faf197576cfb79b
MD5 hash:
b45cfe08c57e3b1359ab958de37a948c
SHA1 hash:
5f48541d0f5d43dc8b7f8881e6e2b366b5cf1501
Link:
https://www.unpac.me/results/00978133-415c-4ea0-8035-708598fbd687/
SH256 hash:
c7a82eb0288515039dadc9fe80976ff9789885b784a07f8ae490d0286e214607
MD5 hash:
b07071f13fd64475091384c4b1a1504b
SHA1 hash:
d41417768180f0e1d64e670cf41fbbc23033d886
Link:
https://www.unpac.me/results/00978133-415c-4ea0-8035-708598fbd687/
SH256 hash:
76518fd9a8d3fad5d9d294742179b2a19b63625b2f5ea62ce23000ed71a0d3cd
MD5 hash:
ef87029d6051827fe69f39b74bfb8ddf
SHA1 hash:
3b8519fa650467fe08db83dee2dc4dbbf628cf27
Link:
https://www.unpac.me/results/00978133-415c-4ea0-8035-708598fbd687/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/76518fd9a8d3fad5d9d294742179b2a19b63625b2f5ea62ce23000ed71a0d3cd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

Executable exe 76518fd9a8d3fad5d9d294742179b2a19b63625b2f5ea62ce23000ed71a0d3cd

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1640605/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/194350/

Comments