MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cd38592468e54623dc5c89529203dbc21ede6cfe95523d2f146449019288038c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



DanaBot


Vendor detections: 4



SHA256 hash: cd38592468e54623dc5c89529203dbc21ede6cfe95523d2f146449019288038c
SHA3-384 hash: 6ca42c41ae4b8aec47d2c34d8c914aaf05e8a1b0117037690ffe80a3cc154082bb40c5a6ed0ae5753d037848a3102dc0
SHA1 hash: 1fd45fdbde1168b3c085805df7399398fc85b2cb
MD5 hash: d91c10b6010d6e7593974ae3278cbbf3
humanhash: hydrogen-stairway-may-pasta
File name: d91c10b6010d6e7593974ae3278cbbf3.exe
Signature: DanaBot
File size: 2'837'504 bytes
First seen: 2020-05-26 08:17:52 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 0c4ec54557c349f37ac268b4dde31ecf (3 x DanaBot)
ssdeep: 49152:WPeY3a0vz1xZXhu+8rNKyu/geib/SBsOr3Jszz+WAQo7V1nbxSVZWEJL:WPc05xd80NjiboJsz6Io51nbxSV8SL
Threatray: 53 similar samples on MalwareBazaar
TLSH: 52D52303A3F84CF1F26758314975CEE967BFBEA24B68B856A788550F19310F196327C2
Reporter: abuse_ch
Tags: DanaBot exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 808
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-25 21:01:55 UTC
File Type: PE (Exe)
Extracted files: 42
AV detection: 24 of 31 (77.42%)
Threat level: 2/5
Result
Malware family: danabot
Score: 10/10
Tags: family:danabot banker botnet trojan
Behaviour
Suspicious use of WriteProcessMemory
Loads dropped DLL
Blacklisted process makes network request
Danabot
Danabot x86 payload
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

Executable exe cd38592468e54623dc5c89529203dbc21ede6cfe95523d2f146449019288038c (this sample)

Delivery method: Distributed via web download
