MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a69cea507366c6401df640e7f0461166afe98ac67f7ab00e86bc5d8665ff8cec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



DanaBot


Vendor detections: 4



SHA256 hash: a69cea507366c6401df640e7f0461166afe98ac67f7ab00e86bc5d8665ff8cec
SHA3-384 hash: 076a40a5b562bf8a151b9621300738d44836093f2f7cd54b38fe5bf2f2d3625bda09702ba7580b1baf62b4ee16b4b258
SHA1 hash: 57d0218c3efbaa4bc750b2c8a12ed3c0d28b6866
MD5 hash: aeeef159543b28995b1f742085a2c6a0
humanhash: beer-mississippi-pluto-bulldog
File name: 12.08 - Reports.js
Signature: DanaBot
File size: 72'345 bytes
First seen: 2021-08-13 01:30:23 UTC
Last seen: 2021-08-13 06:47:35 UTC
File type: Java Script (JS) js
MIME type: text/plain
ssdeep: 1536:mMZ7QeP2/xJD0Zr6HLeV7FilX5XfAYWAdIr7uCqf:ceP2/jOr6cExvff
TLSH: T1F36305E46381D40366CD1E83FF0A7DEDE06AB9B669C8A6078664779C24BD50BC5B0DF0
Reporter: malware_traffic
Tags: DanaBot js

Intelligence


File Origin
# of uploads: 5
# of downloads: 439
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Result
Malware family: danabot
Score: 10/10
Tags: family:danabot banker discovery spyware stealer trojan
Behaviour
Checks processor information in registry
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Program Files directory
Checks installed software on the system
Loads dropped DLL
Reads user/profile data of web browsers
Blocklisted process makes network request
Downloads MZ/PE file
Danabot
Danabot Loader Component
Malware Config
Dropper Extraction:
http://www.bonusesfound.ml/update/index.php
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
