MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0bcb395c41090083f4b7612c10cb109ca668265b8fdc666dc44057726a91ce2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 10

SHA256 hash: a0bcb395c41090083f4b7612c10cb109ca668265b8fdc666dc44057726a91ce2
SHA3-384 hash: ab08481aa283f8440cf30c486be2aa1a17715f1d980a8273a7e0a57be834d9e94faeac3693ec0280f928d4b69d35965c
SHA1 hash: 7ccd9d848681f0c954905758d6cebe24cc3cedbf
MD5 hash: 315f55bbd8340be95bf207dd27228bcb
humanhash: lamp-ink-pennsylvania-nine
File name: 315f55bbd8340be95bf207dd27228bcb.exe
File size: 1'147'392 bytes
First seen: 2022-03-15 13:59:00 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 6728da03e60bbe718ffacc65d5c92de9 (2 x RedLineStealer, 2 x N-W0rm, 1 x AZORult)
ssdeep: 24576:6nGl4yEOz9JCnAeGvFdK+XK0Js9Rcgc4xX70:r+CJQcvFd6J3170
Threatray: 10'972 similar samples on MalwareBazaar
TLSH: T16C350120B6A0C035E5B312F544799358B62E7ED1AB3885CF63D636E997306E0ED3274B
dhash icon: 2dac1370319b9b91 (22 x Smoke Loader, 20 x RedLineStealer, 18 x Amadey)
Reporter: abuse_ch
Tags: exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 145
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
Searching for the window
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Creating a window
Launching a process
Sending a custom TCP request
Sending an HTTP GET request
Unauthorized injection to a system process

Result
Malware family: n/a
Score: 9/10
Tags: n/a
Behaviour:
MalwareBazaar
SystemUptime
CPUID_Instruction
MeasuringTime
EvasionGetTickCount
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed

Result
Verdict: MALICIOUS
Details:
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 76 / 100
Signature:
Antivirus detection for URL or domain
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Overwrites code with function prologues
Sigma detected: Suspicious Call by Ordinal
System process connects to network (likely due to code injection or exploit)
Behaviour:
Behavior Graph: (image)

Threat name: Win32.Trojan.DanaBot
Status: Malicious
First seen: 2022-03-15 14:27:00 UTC
AV detection: 24 of 27 (88.89%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
Suspicious use of WriteProcessMemory
Program crash
Blocklisted process makes network request

Unpacked files
SHA256 hash: a00256e10186266cb260a898ade3e95d40337ac3171b27d93938c9fc3ae0312e
MD5 hash: 622fc60d0ba8ca4ec2b8675c9c472bad
SHA1 hash: c70fd517cac6cdc2bff899e0cc33fe28a25ff337

SHA256 hash: a0bcb395c41090083f4b7612c10cb109ca668265b8fdc666dc44057726a91ce2
MD5 hash: 315f55bbd8340be95bf207dd27228bcb
SHA1 hash: 7ccd9d848681f0c954905758d6cebe24cc3cedbf

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments