MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9c4fade08ddee2e8d0dfc518414b188e6fd74f0d08260f8b2b9b1b0da3dc518e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



DanaBot


Vendor detections: 6



SHA256 hash: 9c4fade08ddee2e8d0dfc518414b188e6fd74f0d08260f8b2b9b1b0da3dc518e
SHA3-384 hash: 1369d6e031e4a0e14b59df23fb29e4bfcc88e92382fb7d7aed5f19e9c2877e2fc04cf2e057dc859044f88283fd3bd1b5
SHA1 hash: 0407873ba5b9312f6f5d3a657721f054a74f4d87
MD5 hash: b12860db0af66cd54096834f586a31f7
humanhash: sink-foxtrot-friend-apart
File name: 9c4fade08ddee2e8d0dfc518414b188e6fd74f0d08260f8b2b9b1b0da3dc518e
Signature: DanaBot
File size: 2'752'512 bytes
First seen: 2020-06-29 10:27:50 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: a3f7637e59b54b6a1387255ea070a6a2 (1 x DanaBot)
ssdeep: 49152:nruxYWGXSQEjWjk3aviFvM/SY7Tzno87rgKGj4vGDK0n3qZ:rAGXSQEjF8jSY7noFj4+3aZ
Threatray: 68 similar samples on MalwareBazaar
TLSH: 33D5331672D1E470F9D71AB28F71E96250AEFEA14734A51B37942F0C09E48F0AB15BE3
Reporter: JAMESWT_WT
Tags: DanaBot

Intelligence


File Origin
# of uploads: 1
# of downloads: 1'012
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.DanaBot
Status: Malicious
First seen: 2020-06-13 22:05:23 UTC
File Type: PE (Exe)
Extracted files: 28
AV detection: 25 of 31 (80.65%)
Threat level: 5/5
Result
Malware family: danabot
Score: 10/10
Tags: botnet trojan banker family:danabot
Behaviour
Suspicious use of WriteProcessMemory
Loads dropped DLL
Blacklisted process makes network request
Danabot x86 payload
Danabot
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
DanaBot, Executable exe, 9c4fade08ddee2e8d0dfc518414b188e6fd74f0d08260f8b2b9b1b0da3dc518e (this sample)

Delivery method: Distributed via web download
