MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9329c623ff64360ce5e887f27e050ff9c73537aca97761da60fd9ded70e9a8c4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DanaBot


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9329c623ff64360ce5e887f27e050ff9c73537aca97761da60fd9ded70e9a8c4
SHA3-384 hash: dc99e4ff9e3dc65f49f29bdc1c06d0f1b6648847bb85cf1f37070912c0c0a43ab06c1a8a2ddfe1888fec5795663455a6
SHA1 hash: edd422674fb34b625753bf24bebecf052ec175ca
MD5 hash: fecbacfbd7c6c9637a5c9bdc5101b92c
humanhash: zebra-william-aspen-blue
File name:fecbacfbd7c6c9637a5c9bdc5101b92c.exe
Download: download sample
Signature DanaBot
Create hunting rule
File size:1'134'592 bytes
First seen:2021-07-24 07:07:10 UTC
Last seen:2021-07-24 07:55:49 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 09fad65bab468ddd6d77fa7d048c7436 (5 x RedLineStealer, 4 x RaccoonStealer, 2 x Smoke Loader)
ssdeep 24576:RDPvuiFY3TVoqQ1fone333t1sJvOEuTH3uVRnknDr5BPA:BXuiFY3TM80dmbuTH3uOn5BI
Threatray 2'867 similar samples on MalwareBazaar
TLSH T1E5352218F7B59472D015083158D4DBA0AB5CF825BE69BD8A374B276F3F302D2B1A522F
dhash icon 48b9b2b0e8c38c90 (6 x Smoke Loader, 5 x RedLineStealer, 3 x CryptBot)
Reporter abuse_ch
Tags:DanaBot exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
235
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
fecbacfbd7c6c9637a5c9bdc5101b92c.exe
Verdict:
Malicious activity
Analysis date:
2021-07-24 07:11:58 UTC
Tags:
trojan danabot
Link:
https://app.any.run/tasks/8d644e8f-b862-4f0c-8086-df0d56dfbaf3

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/173869/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.46671186.31590.30449.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/cc60e407-609a-428a-a195-e5437dde562e
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/821170
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9329c623ff64360ce5e887f27e050ff9c73537aca97761da60fd9ded70e9a8c4/
Threat name:
Win32.Trojan.Azorult
Create hunting rule
Status:
Malicious
First seen:
2021-07-23 16:16:43 UTC
AV detection:
17 of 27 (62.96%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=smu4mi77mq3azzpiq7zh4bip7hdtkn5mvf3wdwta7wo624hjvdca._file
Verdict:
unknown
Similar samples:
05d6308da69a011a5f95088f5ae7d68aa09e430b05c169dc53d701776b08dd62
DanaBot
173240b443fdb5cc7ed97cf6eedeb0d823924df3dab6d468c9da2898443f3ac6
DanaBot
1862c6b58deef050db0cb8f2fe013c3e49002469d234b5c9857f2d6c5114e32d
DanaBot
1bceb4e84115eabb8bf3df704b5cc014834ca08b126451ae95d60a968e66d666
DanaBot
2fbf6c5454bb88073ecbc13b293375ec58a9f8636c188881ffd7a3573f3c1cac
DanaBot
69fac4fe77b6da550498724f01e6db66d5c18a19c185d824bf62afdaccb0a7d6
DanaBot
8f71fca5621ccb7ba3558cfebc17014d27923d1c73ad97ececb577fd5b937047
DanaBot
8fa3eaa46c7d8d1f44a2eeca895f802f2aa7a2251bab347ccb765c72d63ccb58
DanaBot
dab48eb20191f37e19aed12dc58640ab40957cec26dc3fa63a88f70decbd875c
DanaBot
ef6fc7bf417d763f9c7c8c9bf723ce7d3b4acbeb4cc47e65bcb3d6b8f143fee2
DanaBot
+ 2'857 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210724-b7fsq3m5d6/
Behaviour
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Loads dropped DLL
Blocklisted process makes network request
Unpacked files
SH256 hash:
aaf22f0fb83992b924ada07e7f7353c8cda6a208330aefc1e5127fcccc9e2aea
MD5 hash:
c92a53cc671aa0e174d0697f7b6e35e9
SHA1 hash:
a2dd513e7988b2e2d56b4bede0840093ad2ac4bb
Link:
https://www.unpac.me/results/9e08a257-86bf-48eb-ac5a-fa1e163497b3/
SH256 hash:
4248023fcdf1a6478f0bed84a0ec8e37971ae2ab1e4ebe51da694edeac05d3b6
MD5 hash:
cf4f5500b88cfb4f2b365f1173cbcca3
SHA1 hash:
e970f11d033e647eab9e308ffb206cb548a923c4
Link:
https://www.unpac.me/results/9e08a257-86bf-48eb-ac5a-fa1e163497b3/
SH256 hash:
9329c623ff64360ce5e887f27e050ff9c73537aca97761da60fd9ded70e9a8c4
MD5 hash:
fecbacfbd7c6c9637a5c9bdc5101b92c
SHA1 hash:
edd422674fb34b625753bf24bebecf052ec175ca
Link:
https://www.unpac.me/results/9e08a257-86bf-48eb-ac5a-fa1e163497b3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9329c623ff64360ce5e887f27e050ff9c73537aca97761da60fd9ded70e9a8c4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

Executable exe 9329c623ff64360ce5e887f27e050ff9c73537aca97761da60fd9ded70e9a8c4

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1467030/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1461110/
Cape
Cape
https://www.capesandbox.com/analysis/173869/

Comments