MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ba060accb7e8c43b290f35cfd229954de469309d5f289c9ba5f60a95510c914d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



DanaBot


Vendor detections: 4



SHA256 hash: ba060accb7e8c43b290f35cfd229954de469309d5f289c9ba5f60a95510c914d
SHA3-384 hash: 67ce992da66ab708520af3e3d303c3451fceb7c4ddd4e1e178690e32f1bb6ac68c51e21b45b41912fb71e619e6dbe1f5
SHA1 hash: 99e1408bb8d8112080db19827e59dea833aae886
MD5 hash: fd3287f724b6bfd5b925a3d2f65b4cf4
humanhash: ten-zulu-friend-fourteen
File name: fd3287f724b6bfd5b925a3d2f65b4cf4.exe
Signature: DanaBot
File size: 1'008'128 bytes
First seen: 2020-05-01 11:23:01 UTC
Last seen: 2020-05-01 11:56:29 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: cf099b94700a3627be82e8c0aeae59fe (1 x DanaBot)
ssdeep: 12288:fIYmboidG39rsb01dtVU/mOSuwkpZfu+XmIGJTV6iAJYv+EIKqW1PRftqMYtn9W:fIdzgbUuJSuTciA0dqW1pfyn9
Threatray: 40 similar samples on MalwareBazaar
TLSH: BC25223072C15027D03A1EB27C7C955019BFBB352B70929F0A993D6E9DF0AE18AA1F57
Reporter: abuse_ch
Tags: DanaBot, exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 766
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Danabot
Status: Malicious
First seen: 2020-04-30 23:37:20 UTC
File Type: PE (Exe)
Extracted files: 16
AV detection: 23 of 30 (76.67%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
DanaBot
Executable exe ba060accb7e8c43b290f35cfd229954de469309d5f289c9ba5f60a95510c914d (this sample)

Delivery method: Distributed via web download

BLint


The following tables provide more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews

ID | Capabilities | Evidence
AUTH_API | Manipulates User Authorization | ADVAPI32.dll::FreeSid
SECURITY_BASE_API | Uses Security Base API | ADVAPI32.dll::SetSecurityDescriptorSacl
WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess, KERNEL32.dll::LoadLibraryW, KERNEL32.dll::GetStartupInfoW, KERNEL32.dll::GetCommandLineW
WIN_REG_API | Can Manipulate Windows Registry | ADVAPI32.dll::RegSetValueExW