MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9309025b86610fc4dade312f3681fa0e9370dcecca1563393fe4866d4e718d19. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DanaBot


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9309025b86610fc4dade312f3681fa0e9370dcecca1563393fe4866d4e718d19
SHA3-384 hash: 9ae9e83ce572879edb2b6b37d0aa07086c8d3d9c47df3759c157df97f5f7b731678f90fd7b55d707483bf737d957c591
SHA1 hash: 4fcc44307fa4c5826a7d33109917b3cb436722fd
MD5 hash: b02c3131bf5fb12b3fae117632dc86ed
humanhash: violet-happy-green-nine
File name:b02c3131bf5fb12b3fae117632dc86ed.exe
Download: download sample
Signature DanaBot
Create hunting rule
File size:2'776'064 bytes
First seen:2020-06-12 07:48:59 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1f51eb311c7cea4e47d027b8a8dc52b8 (1 x DanaBot, 1 x RedLineStealer)
ssdeep 49152:YStyo5HCaoeBcja2LQ8BkbuNdKUwBl0ZJzl7Y0XBkognTd:ZAUH3oe8a2LquXKDBl0ZJzBYKBkLTd
Threatray 80 similar samples on MalwareBazaar
TLSH 69D533593FC0E030E1F7533145919C50AE26FDB11EA8896737C87A0E65365E1BA36BB3
Reporter abuse_ch
Tags:DanaBot exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
897
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/9971/
Gathering data
Threat name:
Win32.Trojan.DanaBot
Create hunting rule
Status:
Malicious
First seen:
2020-06-11 19:07:29 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=smeqew4gmeh4jww6gextnap2b2jxbxhmzikwgoj74sdg2ttrrumq._file
Verdict:
malicious
Similar samples:
219ce23454e6209702f4795e16765681936d2e4e4166c601a2ac412b15f4c1a5
DanaBot
424ee5f1bd26e38f9abe250044766d6c8a656c790d112400b472a0411bc81d61
DanaBot
677f90dd4838bff9c07d1f730907777ce27bdf40cca7a7a664cf675cf33b4622
DanaBot
720b101eeb0fd61433a644563ad541e1923a202a1116fda126534e89a805136c
DanaBot
94b9908c1d164acb68a30bacada251782c6e9dc64500718d12ebe4abf871b305
DanaBot
a13c95a98b340edd7eeeff2da8272761cd84d093f43888e5940451d02b1a2dc0
DanaBot
a7c37af821063d0a3be82a621e332f48c89bd83bec9c3ad092d4e357813c7e66
DanaBot
abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3
DanaBot
aeb1bfcef382789091e72e2d6cae6e471123d0e8e7a5f39c64abf5a3d9a4eaa8
DanaBot
e4719e8d66fb27cb0a1f2168f22fdb0e1aa14058e82662ed61aa3bbe66f6a34e
DanaBot
+ 70 additional samples on MalwareBazaar
Result
Malware family:
danabot
Create hunting rule
Score:
  10/10
Tags:
family:danabot banker botnet trojan
Link:
https://tria.ge/reports/201109-yep1qqbjls/
Behaviour
Suspicious use of WriteProcessMemory
Loads dropped DLL
Blacklisted process makes network request
Danabot
Danabot x86 payload
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_danabot_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

Executable exe 9309025b86610fc4dade312f3681fa0e9370dcecca1563393fe4866d4e718d19

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/367844/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/9971/

Comments