MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8d535ed155eee819382c1ba943ea3839e72f649d5d7bcfc08fd62729be8159d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DanaBot


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8d535ed155eee819382c1ba943ea3839e72f649d5d7bcfc08fd62729be8159d3
SHA3-384 hash: 6c6afe04e4b4daa792a8dbf98288db7f72a2997341613108a45f2d40cfd0e916238a2bdf5d06e5db78833c048ded9880
SHA1 hash: 500e528e871113571d99befb7d106aeb4f46e4f4
MD5 hash: 1db306b5e70641446b007fbd635d017c
humanhash: bulldog-autumn-blue-twelve
File name:1db306b5e70641446b007fbd635d017c
Download: download sample
Signature DanaBot
Create hunting rule
File size:1'145'344 bytes
First seen:2021-11-10 14:03:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 2d715bbee85dde3a5a477ecadeec8734 (1 x DanaBot, 1 x RaccoonStealer)
ssdeep 24576:S/VuUs0vJB720riU7Rfj2m74zN6THmt7oMNg82WvrXabe+Rab:SgU1B7biE2mMZbLw9
TLSH T1AF351236E3EDA972C4B71E385121EA25582BBC226171840AE7A4270D3EF1FDC55E970F
File icon (PE):PE icon
dhash icon fcfcf4f4d4dcd8c0 (26 x RaccoonStealer, 11 x RedLineStealer, 9 x Stop)
Reporter zbetcheckin
Tags:32 DanaBot exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
427
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/204743/
Detection(s):
Win.Malware.Fragtor-9907126-0
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware lockbit packed
Link:
https://www.filescan.io/uploads/618bd155dec3347825a13d9c/reports/dc70b988-508e-4013-a552-a2c904d0fcff/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/e707e0a6-396f-44a4-b449-eb32cfbd97cf
Result
Threat name:
DanaBot
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/886758
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected DanaBot stealer dll
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8d535ed155eee819382c1ba943ea3839e72f649d5d7bcfc08fd62729be8159d3/
Threat name:
Win32.Trojan.Phonzy
Create hunting rule
Status:
Malicious
First seen:
2021-11-10 14:04:06 UTC
AV detection:
26 of 45 (57.78%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rvjv5ukv53ubsobmdouuh2ryhhts6ze5lv547qep2ytstpublhjq._file
Verdict:
malicious
Result
Malware family:
danabot
Create hunting rule
Score:
  10/10
Tags:
family:danabot botnet:4 banker discovery trojan
Link:
https://tria.ge/reports/211110-rc9xcsecfp/
Behaviour
Checks processor information in registry
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Program Files directory
Checks installed software on the system
Loads dropped DLL
Blocklisted process makes network request
Danabot
Danabot Loader Component
Malware Config
C2 Extraction:
192.119.110.73:443
192.236.192.201:443
Unpacked files
SH256 hash:
796b08277954d1683d1af20bdce887cd146dbeaae1f164a4e9697a064b331956
MD5 hash:
220bf786934f849e0a0f50dd77bae5c1
SHA1 hash:
0f43df4f417b11c1a331621e8de2fdecfb5fd02f
Link:
https://www.unpac.me/results/27866483-2591-4993-ad32-a0770e175e95/
SH256 hash:
09fb6ce6bf5861e5a0fa60144c1160851f89c0e164fc372701fabf0c711bfcc5
MD5 hash:
878c16d29510f04c6fe44487144ebec2
SHA1 hash:
b757e9aed13e6ec7a8f6ee81077f06bdb21f7fc5
Link:
https://www.unpac.me/results/27866483-2591-4993-ad32-a0770e175e95/
SH256 hash:
8d535ed155eee819382c1ba943ea3839e72f649d5d7bcfc08fd62729be8159d3
MD5 hash:
1db306b5e70641446b007fbd635d017c
SHA1 hash:
500e528e871113571d99befb7d106aeb4f46e4f4
Link:
https://www.unpac.me/results/27866483-2591-4993-ad32-a0770e175e95/
Malware family:
BazarLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/8d535ed155ee/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8d535ed155eee819382c1ba943ea3839e72f649d5d7bcfc08fd62729be8159d3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

Executable exe 8d535ed155eee819382c1ba943ea3839e72f649d5d7bcfc08fd62729be8159d3

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1772785/
Cape
Cape
https://www.capesandbox.com/analysis/204743/

Comments


Avatar
zbet commented on 2021-11-10 14:03:59 UTC

url : hxxp://23.254.226.52/lots.exe