MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 da19555286a99fed6a4a84c0c4b76e793618299f6d4cc2fe31373ddc033d8dcc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



DanaBot


Vendor detections: 3



SHA256 hash: da19555286a99fed6a4a84c0c4b76e793618299f6d4cc2fe31373ddc033d8dcc
SHA3-384 hash: 54d9c305e0f1b6167e12fd82cda75486122ee292e0fa6f4bd6ae86c680654157aec43961c29cba87f133655a4e568f49
SHA1 hash: 337a5960609070877e4f7cc5cf43e3e99e2acdb9
MD5 hash: 034b9024337c8fa17443089fa9488ee0
humanhash: network-ack-maryland-neptune
File name: SecuriteInfo.com.Win32.Kryptik.HDJT.10984
Signature: DanaBot
File size: 3'475'968 bytes
First seen: 2020-05-15 17:32:39 UTC
Last seen: Never
File type: DLL
MIME type: application/x-dosexec
imphash: 3c40312a17d7028c500c6468084c6a58 (7 x Gozi, 2 x DanaBot)
ssdeep: 49152:vBB+DbwBoIK6d8kMvEOzzW2efqjnNXmUp+wtyQoI/M8VglMCXL1xFN/Zta2koOmE:vQDGa/maNWa+KwhxzHkczXTgdt
Threatray: 17 similar samples on MalwareBazaar
TLSH: CBF5DF107712D038F56B0A7AEC3ED4FA95287E459B3818D730C56E8F2633AD65872B1B
Reporter: SecuriteInfoCom
Tags: DanaBot

Intelligence


File Origin
# of uploads: 1
# of downloads: 769
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Danabot
Status: Malicious
First seen: 2020-05-15 17:35:36 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 19 of 31 (61.29%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour: Suspicious use of WriteProcessMemory; Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: win_danabot_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.
