MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dafe70cbc4be879f7eafd15ecb2caf9bd3db72685512dd8fadd13dda367d3156. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dafe70cbc4be879f7eafd15ecb2caf9bd3db72685512dd8fadd13dda367d3156
SHA3-384 hash: 9f277d447727c018c2a263c9f56be67de2d141659ffdb833d8f7c168724d81b00879bcd77b6feb809d387cd85245db22
SHA1 hash: a4384c454f19f059aea414b5d8c50097dcdd1a2c
MD5 hash: 98b8b91034eb638b4ff7d4963c08aa61
humanhash: yellow-mississippi-april-quiet
File name:98b8b91034eb638b4ff7d4963c08aa61.exe
Download: download sample
File size:366'080 bytes
First seen:2021-06-26 10:49:05 UTC
Last seen:2021-06-26 11:45:00 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 1465dccf6e4ac51fee47e91b6181067d (2 x ArkeiStealer, 1 x FickerStealer, 1 x Smoke Loader)
ssdeep 6144:xPw8yRhChk8qk2czLQP/OkMmmuYClEmuKoZciUZCW+ni2RIz6aKZOOkP:xvxq0LWOk/q+EmGZTUZ/Fsak/
Threatray 134 similar samples on MalwareBazaar
TLSH 88748D00A691C035EBF212F8897AD3AC913DBDB05B2550CBA2D5EBEE56356E1EC31317
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
109
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
98b8b91034eb638b4ff7d4963c08aa61.exe
Verdict:
Malicious activity
Analysis date:
2021-06-26 10:51:15 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/988eec04-f2a2-4fd9-a44f-109700964ec9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/168473/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware2.14125.3757.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
DanaBot
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/9f1d1db0-871e-48d3-993f-1843e5f2b86c
Result
Threat name:
Clipboard Hijacker
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/808449
Signature
Contains functionality to compare user and computer (likely to detect sandboxes)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Clipboard Hijacker
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dafe70cbc4be879f7eafd15ecb2caf9bd3db72685512dd8fadd13dda367d3156/
Threat name:
Win32.Trojan.Zenpak
Create hunting rule
Status:
Malicious
First seen:
2021-06-26 10:49:11 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
1cccfc83a668d9ac87ad438bc7428d7d4eb7c224e437d37d15b7e7a274468545
26c9efda91b44bd3b22646ee7e1bf6da939dca186890fae2a1fde4cb1adee352
2a12ae5aabbbe3e508d3b69e3cad540c351ad3021d895303094f54523c99e0d4
3991ded07d37f90d15c445a0cce467a74d0e761b533815a9b7d2e82e3cd47eee
ab294916301557820040d4685f559037fadaa608abaa9f56d30c3a3230580d74
b0e81166e58cc1a5994f442585494035d658b24f232e6ed51f09f693f6549651
b3daa8d8b247d807ed0619e9f246a6769aa8334f61586a2579ea4886ffca05c1
d944f7f322c1ae6f36f76069e6c9351d5b19e108b26460cb903aacd115975dfc
dbcd0fdcba542380094cc8ef4daa0d0a866f106e08e6637105610d61651ddd0c
f24b525295374178f81ce9b8a6ab6c0bca5ea718e6286833116268d27f8ec847
+ 124 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210626-h49z9g27re/
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Executes dropped EXE
Unpacked files
SH256 hash:
b2a049b580ef2fe23defefd78644442329b1378213c59357fbec5e24555aac44
MD5 hash:
f9e3e8dcfbfaf22d61687c78a2ff20fa
SHA1 hash:
439731b1bf2b800c2ed8c18fcd14b8ecc25eacc9
Link:
https://www.unpac.me/results/e015ffdb-9964-4744-9891-5592383ca98c/
SH256 hash:
dafe70cbc4be879f7eafd15ecb2caf9bd3db72685512dd8fadd13dda367d3156
MD5 hash:
98b8b91034eb638b4ff7d4963c08aa61
SHA1 hash:
a4384c454f19f059aea414b5d8c50097dcdd1a2c
Link:
https://www.unpac.me/results/e015ffdb-9964-4744-9891-5592383ca98c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/dafe70cbc4be879f7eafd15ecb2caf9bd3db72685512dd8fadd13dda367d3156

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe dafe70cbc4be879f7eafd15ecb2caf9bd3db72685512dd8fadd13dda367d3156

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/168473/
  
URLhaus
https://urlhaus.abuse.ch/url/1400216/
  
Delivery method
Distributed via web download

Comments