MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 86b7552dbe0af62b1238a309b959ce972bed452bf12c809730cfbd958d81d5eb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DanaBot

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	86b7552dbe0af62b1238a309b959ce972bed452bf12c809730cfbd958d81d5eb
SHA3-384 hash:	a67511a8e05eda5e7e86a434d2c5348a8465c3cfbd6dbd9867f5da85a989beccb1f5b0533b8b41063490eae1c34a0621
SHA1 hash:	ca0f827eb0df4acee3435c9126a049f96d16f365
MD5 hash:	e9faa3617f951ead8eab076bbf563f1e
humanhash:	cardinal-echo-illinois-uncle
File name:	e9faa3617f951ead8eab076bbf563f1e.exe
Download:	download sample
Signature	DanaBot Create hunting rule
File size:	2'961'438 bytes
First seen:	2021-03-08 13:34:46 UTC
Last seen:	2021-03-08 16:03:27 UTC
File type:	exe
MIME type:	application/x-dosexec
ssdeep	49152:egj2okvoXt282TdnLqpUanUJe/QbDDUwawtwVv+ntJzi43CcOyBF2+SQ:zXtyMplnUEQbw8t93CcLf
TLSH	44D53342C20607B1F4E423772A4B87F92969BE91531519DF0BC83E628E70EDE8F352E5
Reporter	abuse_ch
Tags:	DanaBot exe

Intelligence

File Origin

# of uploads :

# of downloads :

365

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

e9faa3617f951ead8eab076bbf563f1e.exe

Verdict:

No threats detected

Analysis date:

2021-03-08 13:35:35 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/aaddcd8e-5c23-49bb-b5ce-3b81c1d4a8cb

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/122770/

Detection(s):

SecuriteInfo.com.Trojan.GenericKDZ.73399.3654.6300.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

unknown

Classification:

n/a

Score:

2 / 100

Link:

https://www.joesandbox.com/analysis/631199

Behaviour

Behavior Graph:

Download SVG

Gathering data

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2021-03-08 13:35:08 UTC

AV detection:

8 of 38 (21.05%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=q23vkln6bl3cweryume3swoos4v62rjl6ewibfzqz66zldmb2xvq._file

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210308-f71me52442/

Unpacked files

SH256 hash:

86b7552dbe0af62b1238a309b959ce972bed452bf12c809730cfbd958d81d5eb

MD5 hash:

e9faa3617f951ead8eab076bbf563f1e

SHA1 hash:

ca0f827eb0df4acee3435c9126a049f96d16f365

Link:

https://www.unpac.me/results/f74cb75c-cc64-4872-9403-2065da9b6c6b/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.30

Link:

https://yomi.yoroi.company/submissions/86b7552dbe0af62b1238a309b959ce972bed452bf12c809730cfbd958d81d5eb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

exe 86b7552dbe0af62b1238a309b959ce972bed452bf12c809730cfbd958d81d5eb

(this sample)

Cape

https://www.capesandbox.com/analysis/122770/

URLhaus

https://urlhaus.abuse.ch/url/1044931/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample