MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9a4537ed41f8307c11b5c85e70ed82573e3fa7f424178eb7f15c5b4d4d72cde5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DanaBot


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9a4537ed41f8307c11b5c85e70ed82573e3fa7f424178eb7f15c5b4d4d72cde5
SHA3-384 hash: 7a189aa5ab671e959fa3fb54b2a6dacf3b5f3ba2e64dad136e74d917374c70433b8e7c7a58cf219aba4c721a1213aca8
SHA1 hash: d9bebc4c86cc20a3e3147dfecf56aac64c0c9c3d
MD5 hash: 99e58ef9d3f618465d5006d19881e091
humanhash: virginia-lion-hamper-paris
File name:99e58ef9d3f618465d5006d19881e091
Download: download sample
Signature DanaBot
Create hunting rule
File size:1'060'864 bytes
First seen:2021-08-28 12:00:11 UTC
Last seen:2021-08-28 12:57:26 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0db41ef1d0838062c008ff4132905031 (4 x DanaBot)
ssdeep 24576:GZngGrZHlNsQyeq+8O6pd+zjzZAV7ca17QowyQTLzhixN0CDm:GZgGlFOQyeqZO8rlc4Q/ZLziNS
Threatray 261 similar samples on MalwareBazaar
TLSH T1F635123273C08C32C025FA3D69D1AD94167EFA317E91B80A2ADC45AFDCEB7419815A5F
Reporter zbetcheckin
Tags:32 DanaBot exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
1'126
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
99e58ef9d3f618465d5006d19881e091
Verdict:
Malicious activity
Analysis date:
2021-08-28 12:02:22 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/b7667bd0-d299-4142-97b2-72a9a86d9ead

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/183054/
Detection(s):
SecuriteInfo.com.Variant.Ulise.282168.2302.2658.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a file
Enabling the 'hidden' option for recently created files
Sending a UDP request
Launching a process
Creating a process with a hidden window
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d928d7e4-8d19-44fc-bed8-726c386e6bf5
Result
Threat name:
DanaBot
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/840725
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected DanaBot stealer dll
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9a4537ed41f8307c11b5c85e70ed82573e3fa7f424178eb7f15c5b4d4d72cde5/
Threat name:
Win32.Trojan.Ulise
Create hunting rule
Status:
Malicious
First seen:
2021-08-28 12:01:10 UTC
AV detection:
13 of 46 (28.26%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
423d9cfa5ac46d2ebb867f1b51dc844f4b823c4404c82b16ba611a1032040bf8
DanaBot
55f0976368822adb482407f46a40dcb9e0f2cc7e874d8b67c2bc82d82f7131e0
DanaBot
987f20ff829ea4c324d87ca9b55860111b827d0fdb01499bb704074d9d220016
DanaBot
a6f23f333a1c8eab33961660887f4ebb84f12451db4d8f94c1c01fe5dca71ae8
DanaBot
b97c821707e93e8e535dc3661098e792d55d493a5edbd3f59bfd559c34d7822d
DanaBot
d3657dd474e857255ae3ea6f0faabb6f9a6f7bf77423042e5eb827a9cb72d17a
DanaBot
d7199616185a4d6187eb375c778dd4e5327df6a5e51018770addb54705732d88
DanaBot
df03220ee207a1be64e9f25b74a78684ecd00fd75dd3e44e38e2b1678060e8be
DanaBot
ee5d22a6100afb0935a51cc27ff16e833c796abce26d9ce254d66f30ab28c150
DanaBot
f43c76a153e03551456a21ebd15a07017fbabd51a1080752ddb5241f9d599782
DanaBot
+ 251 additional samples on MalwareBazaar
Result
Malware family:
danabot
Create hunting rule
Score:
  10/10
Tags:
family:danabot banker trojan
Link:
https://tria.ge/reports/210828-44rf9d4t7e/
Behaviour
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Loads dropped DLL
Blocklisted process makes network request
Danabot
Danabot Loader Component
Unpacked files
SH256 hash:
ea294f2c8300f797893dbbabea928eaf9e40dfa4d15e1f32100e2fcabe879c30
MD5 hash:
38a1cecfe7775e38854ed00cca205405
SHA1 hash:
924cb7fcb426cec15ba50795cadcacb9993cc667
Link:
https://www.unpac.me/results/0236b24a-4e7e-4212-9612-d81c17815162/
SH256 hash:
9a4537ed41f8307c11b5c85e70ed82573e3fa7f424178eb7f15c5b4d4d72cde5
MD5 hash:
99e58ef9d3f618465d5006d19881e091
SHA1 hash:
d9bebc4c86cc20a3e3147dfecf56aac64c0c9c3d
Link:
https://www.unpac.me/results/0236b24a-4e7e-4212-9612-d81c17815162/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9a4537ed41f8307c11b5c85e70ed82573e3fa7f424178eb7f15c5b4d4d72cde5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

Executable exe 9a4537ed41f8307c11b5c85e70ed82573e3fa7f424178eb7f15c5b4d4d72cde5

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1572232/
Cape
Cape
https://www.capesandbox.com/analysis/183054/

Comments


Avatar
zbet commented on 2021-08-28 12:00:12 UTC

url : hxxp://45.153.240.226/samservices.exe