MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c04089468922696353c3c7a044bc53491562ae6a894f77e303f2d50d41363bb4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c04089468922696353c3c7a044bc53491562ae6a894f77e303f2d50d41363bb4
SHA3-384 hash: 265a02cc0dffc3220847ec563c534e26972f5b0c7498039b5fa3b39f3a8da6eabe6c2a29aceb9750ac2212edb4b300fd
SHA1 hash: edf33bca4888eb4256445a15dcb8c732b6ce49c8
MD5 hash: d7b17e5ccdf695bb7acc9235b4e0a591
humanhash: video-beryllium-triple-speaker
File name:d7b17e5ccdf695bb7acc9235b4e0a591.exe
Download: download sample
File size:1'104'384 bytes
First seen:2022-03-15 14:26:47 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0bff565af25c1bc5033321ca0bc710a2 (3 x RaccoonStealer, 1 x RedLineStealer, 1 x BitRAT)
ssdeep 24576:fba6o5sPtIIBhNfE6zWppGFR//gv1dMu18HA:PVb86zWrGF1Fq8
Threatray 10'004 similar samples on MalwareBazaar
TLSH T18B350210BAA0C035F2F705F409BAD39C6A3F7DA16B2495CBA2D466E966753D0EC35307
File icon (PE):PE icon
dhash icon 2dec137839939b91 (9 x RedLineStealer, 3 x Stop, 2 x DanaBot)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
196
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/250916/
Detection(s):
Win.Dropper.Generickdz-9939781-0
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Creating a window
Launching a process
Sending a custom TCP request
Sending an HTTP GET request
Unauthorized injection to a system process
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/9306/overview
Behaviour
MalwareBazaar
CPUID_Instruction
MeasuringTime
SystemUptime
EvasionGetTickCount
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/6230a2430cd58dbd929f2656/reports/6a9eccea-079c-4ba4-b32c-f67113cd3d88/overview
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
DanaBot
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/3c566de6-1a94-41d0-8684-28f2b2973644
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/957262
Signature
Antivirus detection for URL or domain
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Overwrites code with function prologues
Sigma detected: Suspicious Call by Ordinal
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c04089468922696353c3c7a044bc53491562ae6a894f77e303f2d50d41363bb4/
Threat name:
Win32.Trojan.DanaBot
Create hunting rule
Status:
Malicious
First seen:
2022-03-15 15:20:38 UTC
AV detection:
23 of 27 (85.19%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
00de2ed7834a34d0643df2cbd50188efe3fe66fba74cfd32ff98a7eb70717a46
1ce9132eae4a8f774aaceb45c3fdb59bf0d8abfe340070b1bb84a0df8e6e794e
2775e955bf03d93033ff2bf432ad95158e176d3207962d18dc47fd074d16ba9e
5abcd78602091e9cddfec8f1e4bdd336ae58273466eb0981c2f980c4d91b6cb2
8acfd843d915a1f12da9bbc0dc543d510be82e60257b99273883b6e55a990d9f
a0bcb395c41090083f4b7612c10cb109ca668265b8fdc666dc44057726a91ce2
a229aee8edf8ebb3b5e3e418879641216f49d6e00f8358a0debd4c00ddf825e9
a7d32bdbb4d6f252707a1a16e14148a51959bc6bc68a2719742337f8a52ff179
b4dfb7404501902f3881f568aca027a738eaa44af96e8ff22b5f58eb27562c1b
ee957b46fd21616c1ff4dcd2c7f6bf5a57b3caecbddb5b6033b48fd70d03f216
+ 9'994 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220315-rse2xscfh7/
Behaviour
Checks processor information in registry
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Suspicious use of SetThreadContext
Blocklisted process makes network request
Unpacked files
SH256 hash:
305825e5c83d3d4a6f8b195170c8919df40cca4248c1db8264a61cebf487c583
MD5 hash:
e19fbc3e1cf249ddadafca1cf2e04dfa
SHA1 hash:
b39c34d3b00a1cdba110baaf9adae58b7525a1e9
Link:
https://www.unpac.me/results/c1de5d9a-6636-4f8c-8a3e-0ffa65132e1b/
SH256 hash:
c04089468922696353c3c7a044bc53491562ae6a894f77e303f2d50d41363bb4
MD5 hash:
d7b17e5ccdf695bb7acc9235b4e0a591
SHA1 hash:
edf33bca4888eb4256445a15dcb8c732b6ce49c8
Link:
https://www.unpac.me/results/c1de5d9a-6636-4f8c-8a3e-0ffa65132e1b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c04089468922696353c3c7a044bc53491562ae6a894f77e303f2d50d41363bb4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe c04089468922696353c3c7a044bc53491562ae6a894f77e303f2d50d41363bb4

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2098408/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/250916/

Comments