MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 95646c8eb86f3c3a1f37df36ca7c4bc535428803e88271e15abb0fef9586424a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DanaBot


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 95646c8eb86f3c3a1f37df36ca7c4bc535428803e88271e15abb0fef9586424a
SHA3-384 hash: 8fa23bdc77948cadcf985748bd4a432bb85e58c58e314a0ade0de747d57de3a44c334a0572c48638f7e3f78c574b1998
SHA1 hash: d826eaa24dfae6199d47146ba87c312427b8b389
MD5 hash: 9da29ecc822de501f7d9e30a71c1b207
humanhash: seven-wolfram-apart-bravo
File name:9da29ecc822de501f7d9e30a71c1b207.exe
Download: download sample
Signature DanaBot
Create hunting rule
File size:1'114'624 bytes
First seen:2021-10-09 06:41:26 UTC
Last seen:2021-10-09 07:58:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 8d7835f3c937376951e2e2f5305d0788 (1 x RaccoonStealer, 1 x DanaBot, 1 x Smoke Loader)
ssdeep 24576:rGmty45XtNnd9BK/h5y0ayZ9ClXYAeIPSf9kUjbteqr1Qs1q:rL/5X/nE/L19XChhPSFkUfteqOkq
TLSH T14F3523213AE7E075DC6F49B14069C2981CBF78B2BA7750CA6B7007DE9E7138057A6B13
File icon (PE):PE icon
dhash icon a1bcdcac9c8cb4a4 (6 x RedLineStealer, 4 x DanaBot, 3 x Smoke Loader)
Reporter abuse_ch
Tags:DanaBot exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
430
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
9da29ecc822de501f7d9e30a71c1b207.exe
Verdict:
Malicious activity
Analysis date:
2021-10-09 06:42:52 UTC
Tags:
trojan danabot
Link:
https://app.any.run/tasks/cfa029c8-932a-4eb9-87fa-cfcc72058981

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
DanaBot
Create hunting rule
Link:
https://www.capesandbox.com/analysis/196274/
Detection(s):
SecuriteInfo.com.Trojan.MulDrop18.42956.5179.22850.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Enabling the 'hidden' option for recently created files
Launching a process
Creating a process with a hidden window
Result
Threat name:
DanaBot
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/867378
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected DanaBot stealer dll
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/95646c8eb86f3c3a1f37df36ca7c4bc535428803e88271e15abb0fef9586424a/
Threat name:
Win32.Trojan.Azorult
Create hunting rule
Status:
Malicious
First seen:
2021-10-09 02:53:00 UTC
File Type:
PE (Exe)
Extracted files:
30
AV detection:
26 of 28 (92.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=svsgzdvyn46duhzx343mu7clyu2ufcad5cbhdyk2xmh67fmgijfa._file
Verdict:
malicious
Result
Malware family:
danabot
Create hunting rule
Score:
  10/10
Tags:
family:danabot banker trojan
Link:
https://tria.ge/reports/211009-hgdv2sfaf7/
Behaviour
Suspicious use of WriteProcessMemory
Loads dropped DLL
Blocklisted process makes network request
Danabot
Danabot Loader Component
Malware Config
C2 Extraction:
142.11.242.31:443
192.119.110.73:443
192.210.222.88:443
Unpacked files
SH256 hash:
c76f892f1cdc4b607d2e108aec7370384d68b9098341b7ea002aac731034433e
MD5 hash:
c9d84a95c0e555d6bae5740c8794a097
SHA1 hash:
c57ff409190c84c2a01c3cf3214cb4d11c68014b
Link:
https://www.unpac.me/results/fcbdaf1f-124d-425e-bbd6-9cfe39b96d76/
SH256 hash:
f5dfbd3519bdd577b7d060fa13bf8262dc33997f4b3dd759d433dc6b88d53946
MD5 hash:
7c36e4f607082fd030b2472a25384e2f
SHA1 hash:
6f54b628c86f8938fee03bcd2fc84d34944bccdc
Link:
https://www.unpac.me/results/fcbdaf1f-124d-425e-bbd6-9cfe39b96d76/
SH256 hash:
95646c8eb86f3c3a1f37df36ca7c4bc535428803e88271e15abb0fef9586424a
MD5 hash:
9da29ecc822de501f7d9e30a71c1b207
SHA1 hash:
d826eaa24dfae6199d47146ba87c312427b8b389
Link:
https://www.unpac.me/results/fcbdaf1f-124d-425e-bbd6-9cfe39b96d76/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/95646c8eb86f3c3a1f37df36ca7c4bc535428803e88271e15abb0fef9586424a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

Executable exe 95646c8eb86f3c3a1f37df36ca7c4bc535428803e88271e15abb0fef9586424a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1660814/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1640605/
Cape
Cape
https://www.capesandbox.com/analysis/196274/

Comments