MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d46fdde4c0b259e0c6301ce8a1c94c5bcfd15f4c277cd6b61e33cb5a9e2629e9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



DanaBot


Vendor detections: 4



SHA256 hash: d46fdde4c0b259e0c6301ce8a1c94c5bcfd15f4c277cd6b61e33cb5a9e2629e9
SHA3-384 hash: f2b115100497668bedf3007248b5c14472ec22651833c361442cf7908adff73f416d1ef27af17fe6984ea0448b754370
SHA1 hash: 446c7ef75794b80370310566c0a8a4a63492e1d9
MD5 hash: 2cc2e2d04b19ae5e2ec44a6ad1659032
humanhash: floor-louisiana-early-shade
File name: SecuriteInfo.com.BehavesLike.Win32.AdwareBProtect.dc.19014
Signature: DanaBot
File size: 1'006'592 bytes
First seen: 2020-04-28 04:41:56 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ea2205bc531e8885e34cd362436b57a4 (2 x DanaBot)
ssdeep: 24576:4wo0wGVA0FYKrsPXW/dryDDs5/bnWzfWyAS:4f0wzC1sPWlreSbWzfWyAS
Threatray: 37 similar samples on MalwareBazaar
TLSH: 20252330F1F5593DD2B54A301474A6E10BB7B9A334384AAE6FBA39660FD06D08B63357
Reporter: SecuriteInfoCom
Tags: DanaBot

Intelligence


File Origin
# of uploads: 1
# of downloads: 764
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Danabot
Status: Malicious
First seen: 2020-04-28 14:08:50 UTC
File Type: PE (Exe)
Extracted files: 16
AV detection: 25 of 31 (80.65%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

[Figure: delivery graph with nodes Web download, DanaBot, Executable exe d46fdde4c0b259e0c6301ce8a1c94c5bcfd15f4c277cd6b61e33cb5a9e2629e9 (this sample)]

Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
AUTH_API | Manipulates User Authorization | ADVAPI32.dll::GetSecurityDescriptorSacl
WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess, KERNEL32.dll::LoadLibraryW, KERNEL32.dll::GetStartupInfoW, KERNEL32.dll::GetCommandLineA
WIN_REG_API | Can Manipulate Windows Registry | ADVAPI32.dll::RegSetValueExA
