MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c203f54c9cb5f39279de31e42b4ecf80fea8005d77c03ff20b1cd7cccd0c0620. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DanaBot


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c203f54c9cb5f39279de31e42b4ecf80fea8005d77c03ff20b1cd7cccd0c0620
SHA3-384 hash: 0c5ad2464f5ab7abf221bc2ff7ee1c5f7bdaa8099efe549185586b702519e69b620a495a1ec8577760b7328301a96f34
SHA1 hash: d1ec7b45777d4e0e02cc4f32ba0cc08010044617
MD5 hash: cbaa6b69554effbf2b60f9829e50b717
humanhash: december-hamper-kilo-venus
File name:cbaa6b69554effbf2b60f9829e50b717.exe
Download: download sample
Signature DanaBot
Create hunting rule
File size:1'166'848 bytes
First seen:2021-07-25 06:29:00 UTC
Last seen:2021-07-25 07:42:28 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a06df199bc5c29ff1f7c13754059d5f1 (2 x RedLineStealer, 1 x CryptBot, 1 x DanaBot)
ssdeep 24576:UGc0vcjEfsH1x2OhYokU8vPhTRt97IeV3QDbslgRw5PS5zTHBPA:UJw/+HZaUc5J7fUbogG5PuzLBI
Threatray 2'900 similar samples on MalwareBazaar
TLSH T15E452311FAB0DC32C4660AB090E5D1787A3DE8603995DD076A57BB3FBF711C262A921F
dhash icon 08b9b2b4e8c18c90 (5 x RaccoonStealer, 5 x RedLineStealer, 2 x DanaBot)
Reporter abuse_ch
Tags:DanaBot exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
234
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
cbaa6b69554effbf2b60f9829e50b717.exe
Verdict:
Malicious activity
Analysis date:
2021-07-25 06:32:48 UTC
Tags:
trojan danabot
Link:
https://app.any.run/tasks/39a94af7-ea18-4023-9a70-259ca4b655a1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/173985/
Detection(s):
SecuriteInfo.com.Trojan.Siggen14.46125.28595.31242.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f6345b44-69b3-409f-b476-bcc223c8f21d
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/821433
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Download SVG
Gathering data
Threat name:
Win32.Trojan.Azorult
Create hunting rule
Status:
Malicious
First seen:
2021-07-24 18:14:08 UTC
AV detection:
17 of 28 (60.71%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=yib7kte4wxzze6o6ghscwtwpqd7kqac5o7ad74qldtl4ztimayqa._file
Verdict:
unknown
Similar samples:
05d6308da69a011a5f95088f5ae7d68aa09e430b05c169dc53d701776b08dd62
DanaBot
173240b443fdb5cc7ed97cf6eedeb0d823924df3dab6d468c9da2898443f3ac6
DanaBot
2239e9738b2618a22115aa25c1016a01ffabd0bfe9a405f3b87cfb5cd9f42458
DanaBot
2fbf6c5454bb88073ecbc13b293375ec58a9f8636c188881ffd7a3573f3c1cac
DanaBot
4d332053c49f1a46c0594b6769385c42c801c0b20d059e46ff231db47627c048
DanaBot
69fac4fe77b6da550498724f01e6db66d5c18a19c185d824bf62afdaccb0a7d6
DanaBot
8f71fca5621ccb7ba3558cfebc17014d27923d1c73ad97ececb577fd5b937047
DanaBot
8fa3eaa46c7d8d1f44a2eeca895f802f2aa7a2251bab347ccb765c72d63ccb58
DanaBot
9b8e02c9169932cb809300c4dff5afc240aba4d5a87264f0f7123314345c6248
DanaBot
dab48eb20191f37e19aed12dc58640ab40957cec26dc3fa63a88f70decbd875c
DanaBot
+ 2'890 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210725-93qppct24n/
Behaviour
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Loads dropped DLL
Blocklisted process makes network request
Unpacked files
SH256 hash:
d87d64d9c402d5e16db212cc7f8d3e28cc4f32d6cae922ee158ec979d352f6b5
MD5 hash:
048c99a09fff8d58f078827119dfd652
SHA1 hash:
9d1dc7f2f4ab3a5273a21072c1121527d42de414
Link:
https://www.unpac.me/results/b9ac2c8a-1b03-455b-9e5f-f3b0f8bcdf3b/
SH256 hash:
10bda8e099bf60056869439253e66aec6e9c7e2057ed8206c5a4aea2fa30d384
MD5 hash:
f2c69a856fc88f071ceb6c1dd5faacf2
SHA1 hash:
017ff28a22be867725eaad8c21f675bc89477dbb
Link:
https://www.unpac.me/results/b9ac2c8a-1b03-455b-9e5f-f3b0f8bcdf3b/
SH256 hash:
c203f54c9cb5f39279de31e42b4ecf80fea8005d77c03ff20b1cd7cccd0c0620
MD5 hash:
cbaa6b69554effbf2b60f9829e50b717
SHA1 hash:
d1ec7b45777d4e0e02cc4f32ba0cc08010044617
Link:
https://www.unpac.me/results/b9ac2c8a-1b03-455b-9e5f-f3b0f8bcdf3b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c203f54c9cb5f39279de31e42b4ecf80fea8005d77c03ff20b1cd7cccd0c0620

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

Executable exe c203f54c9cb5f39279de31e42b4ecf80fea8005d77c03ff20b1cd7cccd0c0620

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1467030/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1461110/
Cape
Cape
https://www.capesandbox.com/analysis/173985/

Comments