MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c69b6339fbcf4ab111115acc4134719d7de63176942c4e78913f5cf05a8c1b0f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DanaBot

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	c69b6339fbcf4ab111115acc4134719d7de63176942c4e78913f5cf05a8c1b0f
SHA3-384 hash:	1475159021b820de9515dea6613ac31adad59c4fe77b5679133ece70904e2936482bdc909784606bede846dd08797375
SHA1 hash:	eab7cc1b376e0257c99615ee5baaa0976e18ed32
MD5 hash:	1605515eccee72e75efe33ba6b8d9bcb
humanhash:	six-avocado-gee-saturn
File name:	1605515eccee72e75efe33ba6b8d9bcb.exe
Download:	download sample
Signature	DanaBot Create hunting rule
File size:	1'216'512 bytes
First seen:	2021-07-28 18:02:56 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	c6ebbfd08d361ef29153e4487e25f820 (2 x RedLineStealer, 1 x Cryptbot, 1 x DanaBot)
ssdeep	24576:2BslwCP6/1/AleEmE3pA48UFpElM+XNbE5bMXsVGtON:2B3/1ceEmE3pr8U7ECiGMXsVz
Threatray	3'076 similar samples on MalwareBazaar
TLSH	T1D14512207A61C038F6F216FC65B693BCA43E7A715B2490CF52D52AEE56345E1BD3230B
dhash icon	ead8ac9cc6e68ea0 (38 x RaccoonStealer, 18 x RedLineStealer, 12 x Smoke Loader)
Reporter	abuse_ch
Tags:	DanaBot exe

Intelligence

File Origin

# of uploads :

# of downloads :

207

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

1605515eccee72e75efe33ba6b8d9bcb.exe

Verdict:

Malicious activity

Analysis date:

2021-07-28 18:15:33 UTC

Tags:

trojan danabot

Link:

https://app.any.run/tasks/89da5982-58db-41ca-8748-4898dcab87b5

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/174767/

Detection(s):

Win.Malware.Generic-9881904-0

Win.Packed.Mokes-9881941-0

Win.Malware.Generic-9881959-0

Win.Packed.Raccoon-9882053-0

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/958ec4a3-4dd6-4138-87c0-21a4e75089db

Result

Threat name:

DanaBot

Detection:

malicious

Classification:

troj.evad

Score:

92 / 100

Link:

https://www.joesandbox.com/analysis/823290

Signature

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Machine Learning detection for sample

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

System process connects to network (likely due to code injection or exploit)

Yara detected DanaBot stealer dll

Behaviour

Behavior Graph:

Download SVG

Gathering data

Threat name:

Win32.Trojan.Hynamer

Status:

Malicious

First seen:

2021-07-28 00:57:43 UTC

AV detection:

20 of 28 (71.43%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=y2nwgop3z5flceirllgecndrtv66mmlwsqwe46erh5opawumdmhq._file

Verdict:

malicious

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/210728-8xjzwbrx5x/

Behaviour

Suspicious use of WriteProcessMemory

Drops file in Program Files directory

Loads dropped DLL

Blocklisted process makes network request

Unpacked files

SH256 hash:

a4f029ef2f2dcd8319955185a0675b446ad78f737a383afb57f86ae70335d1a3

MD5 hash:

973e243a21c58d1ce53e81b6cfb13f29

SHA1 hash:

7e8eba90c43e6bc2bbbb966923f9f9ff76ab01d6

Link:

https://www.unpac.me/results/a1605ae6-873d-47ee-bcd9-a5ac2acb440c/

SH256 hash:

6e52eb5550bb1ac170cad1fcfda47c5b2bee69002788e7d0b955817003e6d8bd

MD5 hash:

a15f8ca9e66c11ea9167e7deb3a9ef47

SHA1 hash:

8a998a00cc6e8d0fa14492344ef1db5f73fcd07a

Link:

https://www.unpac.me/results/a1605ae6-873d-47ee-bcd9-a5ac2acb440c/

SH256 hash:

c69b6339fbcf4ab111115acc4134719d7de63176942c4e78913f5cf05a8c1b0f

MD5 hash:

1605515eccee72e75efe33ba6b8d9bcb

SHA1 hash:

eab7cc1b376e0257c99615ee5baaa0976e18ed32

Link:

https://www.unpac.me/results/a1605ae6-873d-47ee-bcd9-a5ac2acb440c/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/c69b6339fbcf4ab111115acc4134719d7de63176942c4e78913f5cf05a8c1b0f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

exe c69b6339fbcf4ab111115acc4134719d7de63176942c4e78913f5cf05a8c1b0f

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1467030/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/1461110/

Cape

https://www.capesandbox.com/analysis/174767/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample