MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e1abaa8900615ec20e15dd6fc3b646171efd9dd7c124f1faedecbbc852b29891. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DanaBot


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e1abaa8900615ec20e15dd6fc3b646171efd9dd7c124f1faedecbbc852b29891
SHA3-384 hash: 940b28768b0e198f221302c0529b6f5b8e2d631f0392968c915c749304f54dadf2ea60301034abbbfe06d69c85d03871
SHA1 hash: b7f6f61fb9f94815eaa0e8840898d59982d96145
MD5 hash: 1f2c7f22f62d5b1159e5ace9da02d76e
humanhash: mountain-mississippi-five-nine
File name:1f2c7f22f62d5b1159e5ace9da02d76e.exe
Download: download sample
Signature DanaBot
Create hunting rule
File size:1'146'368 bytes
First seen:2021-07-22 17:12:30 UTC
Last seen:2021-07-22 17:50:55 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 7780eb9cc098185992365509d7637fd7 (4 x RaccoonStealer, 1 x DanaBot, 1 x TeamBot)
ssdeep 24576:lc497RTtCwZRn+KmBbrphrlJSm+xeiuywBZu1V70VtCpyy6Lz:lc49hESnOXfdPtuVMz3
Threatray 2'792 similar samples on MalwareBazaar
TLSH T1D1352350BAC48C31C2858D3A64E7CA94673C7C2A2DFE45676B45B6CB6E7128213FD70B
dhash icon 4839b2b4e8c38c90 (6 x RaccoonStealer, 4 x Smoke Loader, 4 x RedLineStealer)
Reporter abuse_ch
Tags:DanaBot exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
214
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
1f2c7f22f62d5b1159e5ace9da02d76e.exe
Verdict:
Malicious activity
Analysis date:
2021-07-22 17:23:38 UTC
Tags:
trojan danabot
Link:
https://app.any.run/tasks/aa9de0f0-58b1-449b-b1f3-8e48b8fa0f4f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/173409/
Detection(s):
SecuriteInfo.com.Trojan.Packed2.43324.15448.28784.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/6feee788-0973-469d-9134-87ebfb978940
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/820340
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e1abaa8900615ec20e15dd6fc3b646171efd9dd7c124f1faedecbbc852b29891/
Threat name:
Win32.Trojan.Azorult
Create hunting rule
Status:
Malicious
First seen:
2021-07-22 05:56:39 UTC
AV detection:
23 of 28 (82.14%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4gv2vciamfpmedqv3vx4hnsgc4pp3hoxyespd6xn5s54quvstciq._file
Verdict:
unknown
Similar samples:
05d6308da69a011a5f95088f5ae7d68aa09e430b05c169dc53d701776b08dd62
DanaBot
1033608024fd29faf3d43c466bc7fcfa70eed6c3e907ee57a85ad54cc2853692
DanaBot
173240b443fdb5cc7ed97cf6eedeb0d823924df3dab6d468c9da2898443f3ac6
DanaBot
2fbf6c5454bb88073ecbc13b293375ec58a9f8636c188881ffd7a3573f3c1cac
DanaBot
4d332053c49f1a46c0594b6769385c42c801c0b20d059e46ff231db47627c048
DanaBot
69fac4fe77b6da550498724f01e6db66d5c18a19c185d824bf62afdaccb0a7d6
DanaBot
6af445508c18363e0031247cff75ed2a98c7565b22fce9621fba2c32e501fea9
DanaBot
8f71fca5621ccb7ba3558cfebc17014d27923d1c73ad97ececb577fd5b937047
DanaBot
8fa3eaa46c7d8d1f44a2eeca895f802f2aa7a2251bab347ccb765c72d63ccb58
DanaBot
dab48eb20191f37e19aed12dc58640ab40957cec26dc3fa63a88f70decbd875c
DanaBot
+ 2'782 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210722-s7jnsxrrt6/
Behaviour
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Loads dropped DLL
Blocklisted process makes network request
Unpacked files
SH256 hash:
1943321128622c30f2c8a0f49b770f548ca9a6ca59afa9b37d2a2f3e6e808bfb
MD5 hash:
1ddfa72f45fdb4f55b72a787e0e89136
SHA1 hash:
52d160ed64c0f9c9b10cdaf413488e675a0dac4e
Link:
https://www.unpac.me/results/b84e0162-fb99-4053-9a06-fd6345f41ba9/
SH256 hash:
ed462197107fb9915455e181368be9a8061ff1ed7461e5613f21450ba4a43cf5
MD5 hash:
0525fa35b1f5cfd62c694695a4134e19
SHA1 hash:
d3a13f57151b67658039ecfbffb8d9c2405e3a2b
Link:
https://www.unpac.me/results/b84e0162-fb99-4053-9a06-fd6345f41ba9/
SH256 hash:
e1abaa8900615ec20e15dd6fc3b646171efd9dd7c124f1faedecbbc852b29891
MD5 hash:
1f2c7f22f62d5b1159e5ace9da02d76e
SHA1 hash:
b7f6f61fb9f94815eaa0e8840898d59982d96145
Link:
https://www.unpac.me/results/b84e0162-fb99-4053-9a06-fd6345f41ba9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e1abaa8900615ec20e15dd6fc3b646171efd9dd7c124f1faedecbbc852b29891

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

Executable exe e1abaa8900615ec20e15dd6fc3b646171efd9dd7c124f1faedecbbc852b29891

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1467030/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1461110/
Cape
Cape
https://www.capesandbox.com/analysis/173409/

Comments