MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dab2b4dd7e40fcb026d0815a5fd4fcf94e3b47dada1c0be92cd893d9cd4b833c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DanaBot


Vendor detections: 13


Intelligence 13 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dab2b4dd7e40fcb026d0815a5fd4fcf94e3b47dada1c0be92cd893d9cd4b833c
SHA3-384 hash: e9d25bd04fd8698fe53e8e145df98fc14770b7f640dc1ca073564c0b2c19d1a1658f84171cb0b060613e486d55798bdc
SHA1 hash: 0d4ace733fa6277b66e22d895c394a61dbc7531e
MD5 hash: be5a8b97d052c3b1948bc79b8eeb7fa7
humanhash: kitten-oklahoma-social-may
File name:be5a8b97d052c3b1948bc79b8eeb7fa7.exe
Download: download sample
Signature DanaBot
Create hunting rule
File size:6'351'360 bytes
First seen:2022-11-01 06:30:45 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 10ce3284b173905769c417d613af74dd (6 x Amadey, 4 x Smoke Loader, 3 x RedLineStealer)
ssdeep 98304:hxrwTWhbl0j2Pmgq9jGYMLWLivJw5fyv6lWjZ85FqUprAhzuQb4rIeO1MCfE4vv:LrZWSmgqQzC48yOW4UUd84rIeQf9v
Threatray 426 similar samples on MalwareBazaar
TLSH T17556336276C2D076E9619F34EAA2D91F5A34382C573B27D3AE244D3FAF207804D9E153
TrID 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon e0d8c8c8e0e4a099 (12 x Smoke Loader, 7 x RedLineStealer, 7 x Amadey)
Reporter abuse_ch
Tags:DanaBot exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
384
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
danabot
Create hunting rule
ID:
1
File name:
be5a8b97d052c3b1948bc79b8eeb7fa7.exe
Verdict:
Malicious activity
Analysis date:
2022-11-01 06:34:49 UTC
Tags:
danabot
Link:
https://app.any.run/tasks/d386f2ae-25e6-469f-a08a-c4535320ac1e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
DanaBot
Create hunting rule
Link:
https://www.capesandbox.com/analysis/326694/
Detection(s):
SecuriteInfo.com.Trojan.DownLoader45.28430.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% directory
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Сreating synchronization primitives
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/6360bd29791bb7e48afdf653/reports/897d3838-b3da-4837-8f36-2e86ee423a2d/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
DanaBot
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/826c42b4-db93-4fb3-bcef-840d5489ab7a
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1102284
Signature
Antivirus detection for dropped file
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dab2b4dd7e40fcb026d0815a5fd4fcf94e3b47dada1c0be92cd893d9cd4b833c/
Threat name:
Win32.Trojan.MintZard
Create hunting rule
Status:
Malicious
First seen:
2022-11-01 02:09:59 UTC
File Type:
PE (Exe)
Extracted files:
13
AV detection:
21 of 26 (80.77%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3kzljxl6id6lajwqqfnf7vh47fhdwr623ioax2jm3cj5ttklqm6a._file
Verdict:
malicious
Similar samples:
0f295d377540773127f73cf21c555c0358b8e28d8e74307535dd41839bf78f2b
DanaBot
1206052fbaa8552d703b6913ca35eb4f9653ea935048476b2ea7e92a439163e1
DanaBot
2f43972540a6cae0eb4e50d142860bdc278b44b9b4606747c58e19383efa82f5
DanaBot
5388b531f6d52bb164dbb60d11e016b0ce99edbd71b98422061f641dbedb242e
DanaBot
5a887c05193d46c6ef71ea39ca0b764db4f717d5bc994c778c9d2676978f3483
DanaBot
aa3dc95a5c847c3d25a8d298face426e07346025f1ba81bf2557163df03bdae2
DanaBot
bbefd006263022389bbcd69a68a8d894edf503dbb303b2da0870f365dcdf8287
DanaBot
ea315e9e65af9d1d95ac0636abde389107bb131f99e9eeac2dd16821be1ba888
DanaBot
f767e0a0d19a0e1a3788cdd2ff6468fe08add55cdcc469ea54b1ce59c6aeaa20
DanaBot
+ 416 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/221101-g92xxaghb4/
Behaviour
Checks processor information in registry
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Suspicious use of SetThreadContext
Checks computer location settings
Loads dropped DLL
Blocklisted process makes network request
Unpacked files
SH256 hash:
879b2b321bfcdb6f104a5fe0d1b59023ef6fb23c8ed2e77a9176fab48e2b5afb
MD5 hash:
7459cd8f0d9e56da7bb64701dd6b55d7
SHA1 hash:
db1f6fd7bbcd47f646a3700f8a15958336c65788
Link:
https://www.unpac.me/results/3c0f78e6-d317-43f1-9b7e-835aed914af6/
SH256 hash:
1e0ed2ee99195ef2a03317d2a8052923568c26dc732b625b4e3cff6db1e1f455
MD5 hash:
753e816f108da0a7910094e3247fb762
SHA1 hash:
797b006812c54cff63791894230567d305f60d61
Link:
https://www.unpac.me/results/3c0f78e6-d317-43f1-9b7e-835aed914af6/
SH256 hash:
568aa346ca269bfd4e97a0a593d81ba3887e6a597c7f38d99f7e8f5bf6db8043
MD5 hash:
73b2948da8e360ed5d64289d01702dfb
SHA1 hash:
3ca87787525b152622980731b1e251639a1a43d6
Link:
https://www.unpac.me/results/3c0f78e6-d317-43f1-9b7e-835aed914af6/
SH256 hash:
dab2b4dd7e40fcb026d0815a5fd4fcf94e3b47dada1c0be92cd893d9cd4b833c
MD5 hash:
be5a8b97d052c3b1948bc79b8eeb7fa7
SHA1 hash:
0d4ace733fa6277b66e22d895c394a61dbc7531e
Link:
https://www.unpac.me/results/3c0f78e6-d317-43f1-9b7e-835aed914af6/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/dab2b4dd7e40/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/dab2b4dd7e40fcb026d0815a5fd4fcf94e3b47dada1c0be92cd893d9cd4b833c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pdb_YARAify
Create hunting rule
Author:@wowabiy314
Description:PDB
Rule name:Windows_Trojan_Smokeloader_3687686f
Create hunting rule
Author:Elastic Security

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/326694/

Comments