MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c744f24e87e969e79dd233ac2344679f95451212afc52a8fae455fa7d6df58b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DanaBot

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	c744f24e87e969e79dd233ac2344679f95451212afc52a8fae455fa7d6df58b1
SHA3-384 hash:	68347027b0afc762c29373f0520bbd15398dc101182ec3b9b546be6bf9ec41e98c02ba103ac45c311b4547cd8a466bc1
SHA1 hash:	5dd641372eeeb49a6b7c0b42db2eb06a7d59e013
MD5 hash:	83482a1f9ecee5ec6fd1aa7d19060a07
humanhash:	three-freddie-carbon-whiskey
File name:	83482a1f9ecee5ec6fd1aa7d19060a07.exe
Download:	download sample
Signature	DanaBot Create hunting rule
File size:	1'222'656 bytes
First seen:	2021-07-26 13:41:26 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	67ca1c6568db666b55dba090aa9df715 (3 x RaccoonStealer, 2 x DanaBot, 2 x Smoke Loader)
ssdeep	24576:VeCQ2lMlL0FzwcfU8ri3HzhUOCuFtR1n7peMwGmsnl59VAtA:VyepwcfUakzhUtuFtzoOBl53A
Threatray	2'927 similar samples on MalwareBazaar
TLSH	T16D450220BAA1C434F5F612F854B9937DA439BAB0976161CB53E03EEE0634AE5DC32753
dhash icon	ead8a89cc6e68ea0 (25 x RaccoonStealer, 8 x DanaBot, 8 x RedLineStealer)
Reporter	abuse_ch
Tags:	DanaBot exe

Intelligence

File Origin

# of uploads :

# of downloads :

222

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

83482a1f9ecee5ec6fd1aa7d19060a07.exe

Verdict:

Malicious activity

Analysis date:

2021-07-26 14:20:58 UTC

Tags:

trojan danabot

Link:

https://app.any.run/tasks/4434b66a-976f-4938-a70d-dc74e54112de

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/174145/

Detection(s):

Win.Malware.Mokes-9881338-0

Win.Packed.Generic-9881339-0

Win.Packed.Generic-9881377-0

Win.Packed.Generic-9881381-0

Win.Packed.Generic-9881389-0

Win.Packed.Generic-9881394-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Creating a file

Enabling the 'hidden' option for recently created files

Launching a process

Creating a process with a hidden window

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/75d14915-e2c7-40a1-8e2d-5f6dbe4f6e48

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/821846

Signature

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Machine Learning detection for sample

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

System process connects to network (likely due to code injection or exploit)

Behaviour

Behavior Graph:

Download SVG

Gathering data

Threat name:

Win32.Trojan.Azorult

Status:

Malicious

First seen:

2021-07-25 11:41:13 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

26 of 46 (56.52%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=y5cpetuh5fu6phosgowcgrdht6kukeqsv7csvd5oivp2pvw7lcyq._file

Verdict:

unknown

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/210726-lvdlxvvpsn/

Behaviour

Suspicious use of WriteProcessMemory

Drops file in Program Files directory

Loads dropped DLL

Blocklisted process makes network request

Unpacked files

SH256 hash:

3fde70aec3497bc38df7518fcf190ae5ebbdd8c85976c28a17f7a43eaac9e92b

MD5 hash:

ee13cc90fabfc6ac9c4e8a00ed3805af

SHA1 hash:

b50098d0e99a9f0f88624e58701c1a9570e421ae

Link:

https://www.unpac.me/results/e7349916-7caa-4d22-b30f-4c5d656684e7/

SH256 hash:

40d3a5d592c04fa57a8cd7efd8c9c2137638baabfded90f3f86aa07b98f3635d

MD5 hash:

57af9e05c3ce298e6203530b13222bdf

SHA1 hash:

2577bdbb6f5271c36dd8ef2551e52a60a30ef540

Link:

https://www.unpac.me/results/e7349916-7caa-4d22-b30f-4c5d656684e7/

SH256 hash:

c744f24e87e969e79dd233ac2344679f95451212afc52a8fae455fa7d6df58b1

MD5 hash:

83482a1f9ecee5ec6fd1aa7d19060a07

SHA1 hash:

5dd641372eeeb49a6b7c0b42db2eb06a7d59e013

Link:

https://www.unpac.me/results/e7349916-7caa-4d22-b30f-4c5d656684e7/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/c744f24e87e969e79dd233ac2344679f95451212afc52a8fae455fa7d6df58b1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

exe c744f24e87e969e79dd233ac2344679f95451212afc52a8fae455fa7d6df58b1

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1479980/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/1461110/

URLhaus

https://urlhaus.abuse.ch/url/1467030/

Cape

https://www.capesandbox.com/analysis/174145/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample