MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d6231724308836e66c5fa21009af32cf671caee48643514f34711551f01f3f96. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DanaBot


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d6231724308836e66c5fa21009af32cf671caee48643514f34711551f01f3f96
SHA3-384 hash: 0984fd6491ea73f4e9cc3e52151a99ca632b0e761c18e0fc2b497066e0bc98bcc060fe35843c8094270599e823fc4757
SHA1 hash: 41aba57098eb52c142580052be122baf11b3da6a
MD5 hash: b2d6e376b0a35492cf9cf81f89d7dccf
humanhash: pennsylvania-ten-vegan-five
File name:b2d6e376b0a35492cf9cf81f89d7dccf.exe
Download: download sample
Signature DanaBot
Create hunting rule
File size:1'218'048 bytes
First seen:2021-10-04 16:00:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f47739d0cfd89d51cbbbec502f2604c9 (6 x RaccoonStealer, 2 x RedLineStealer, 1 x Loki)
ssdeep 24576:m/LwxtQDWsO9jw/ly2pM2DgfbQ0/HFtZDqsd33hL36L:m/ZDAjw/lxmYgzQ0/HFtFl3c
TLSH T13945221E3485D7F2E27A5534BB31C3F4466CB82D9CA2528BA7E5272EBE383919734305
File icon (PE):PE icon
dhash icon fcfcd4d4d4d4d8c0 (75 x RedLineStealer, 56 x RaccoonStealer, 23 x Smoke Loader)
Reporter abuse_ch
Tags:DanaBot exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
705
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/194730/
Detection(s):
SecuriteInfo.com.Trojan.Win32.Save.a.16519.24638.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a file
Enabling the 'hidden' option for recently created files
Launching a process
Creating a process with a hidden window
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1655167c-f612-455f-92c7-e4096732fb01
Result
Threat name:
DanaBot
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/864179
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected DanaBot stealer dll
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d6231724308836e66c5fa21009af32cf671caee48643514f34711551f01f3f96/
Threat name:
Win32.Trojan.Azorult
Create hunting rule
Status:
Malicious
First seen:
2021-10-04 16:01:05 UTC
AV detection:
18 of 28 (64.29%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2yrrojbqra3om3c7uiiatlzsz5trzlxeqzbvctzuoekvd4a7h6la._file
Verdict:
malicious
Result
Malware family:
danabot
Create hunting rule
Score:
  10/10
Tags:
family:danabot banker trojan
Link:
https://tria.ge/reports/211004-tf9rwagfa8/
Behaviour
Suspicious use of WriteProcessMemory
Loads dropped DLL
Blocklisted process makes network request
Danabot
Malware Config
C2 Extraction:
142.11.192.232:443
192.119.110.73:443
142.11.242.31:443
192.210.222.88:443
Unpacked files
SH256 hash:
d8374bbe0b511fd4c1251968182dc1973b0a03e79452c859bfb92a86c169e634
MD5 hash:
236d0e547c464141155cec9e62322201
SHA1 hash:
65d51e1e226a045f141f82da89f07b06c63d3bad
Link:
https://www.unpac.me/results/6b99fb00-4c4c-4392-9001-9a7a35bbd196/
SH256 hash:
4cd71914739faa923a9c6fe9964ff7313ee644aa028a05a539a36479d4c665af
MD5 hash:
665ea0b310ac37f82ae02470af2f5cec
SHA1 hash:
1c42b528094edcafaa8278bf60227f2e1739986d
Link:
https://www.unpac.me/results/6b99fb00-4c4c-4392-9001-9a7a35bbd196/
SH256 hash:
d6231724308836e66c5fa21009af32cf671caee48643514f34711551f01f3f96
MD5 hash:
b2d6e376b0a35492cf9cf81f89d7dccf
SHA1 hash:
41aba57098eb52c142580052be122baf11b3da6a
Link:
https://www.unpac.me/results/6b99fb00-4c4c-4392-9001-9a7a35bbd196/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d6231724308836e66c5fa21009af32cf671caee48643514f34711551f01f3f96

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

Executable exe d6231724308836e66c5fa21009af32cf671caee48643514f34711551f01f3f96

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1640605/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/194730/

Comments