MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 95a90fbde8c6cc25ac3ebbc1bc9602a8a656a6c6d29e47378cca197c7018df02. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



DanaBot


Vendor detections: 4



SHA256 hash: 95a90fbde8c6cc25ac3ebbc1bc9602a8a656a6c6d29e47378cca197c7018df02
SHA3-384 hash: 0db2bfaaa63e3f28c5de46d2cd5e1fdb03dfaa56a7198a3a851e01c62dbfa27b2abe9dcec1f68986995ede86196ce53c
SHA1 hash: 141dde31d7e8f014b187bfbaa9d0d9abf5c9c2e8
MD5 hash: 2684e7971b92bd1b19265cf328b64ca8
humanhash: floor-item-paris-music
File name: 2684e7971b92bd1b19265cf328b64ca8.exe
Signature: DanaBot
File size: 2'672'640 bytes
First seen: 2020-05-26 13:25:36 UTC
Last seen: 2020-05-26 14:21:10 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: cfc8c11eab6f51f0365f1122451f3d44 (1 x DanaBot, 1 x Loki, 1 x Tofsee)
ssdeep: 49152:uo2DVQqtFbYdQLYxbCeiPZzfvh6xLw8/bA0HDYf728jsinfsg6QzolywB2AI7WF6:yQqMYYddEZzvmLZ/bA0jYjRsikQzoI3B
Threatray: 48 similar samples on MalwareBazaar
TLSH: 03C5333793E1A772CB6506B44D39024A4E397CAF9BB880BF5FE60687BE700D41A75760
Reporter: abuse_ch
Tags: DanaBot exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 808
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-26 13:36:28 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Result
Malware family: danabot
Score: 10/10
Tags: family:danabot banker botnet trojan
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Loads dropped DLL
Blacklisted process makes network request
Danabot
Danabot x86 payload
Suspicious use of NtCreateProcessExOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
DanaBot, Executable exe 95a90fbde8c6cc25ac3ebbc1bc9602a8a656a6c6d29e47378cca197c7018df02 (this sample)

Delivery method: Distributed via web download

Comments