MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f2bf6609d433e579a2bd41c64ba27576f3e82993dc1287a778f7f790814e2a18. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DanaBot


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f2bf6609d433e579a2bd41c64ba27576f3e82993dc1287a778f7f790814e2a18
SHA3-384 hash: c432cacc73b6a0c0343588f35eb3f8d946da5776997068677d57d0cd87bdf99796f5bb60047810640b089597f1bebc84
SHA1 hash: a35d0f874e7e85919b99259112c95b99d090155e
MD5 hash: cfda3b14ae9f8db65a2731e219345f6e
humanhash: happy-king-freddie-beryllium
File name:cfda3b14ae9f8db65a2731e219345f6e.dll
Download: download sample
Signature DanaBot
Create hunting rule
File size:1'402'368 bytes
First seen:2021-10-26 14:32:03 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash f9e81afd2870aaecd8ace36b2893b1d3 (10 x DanaBot)
ssdeep 24576:5cF20gsLR+/OMF3PEss8MMWGTDX25sToTsQd:6T1Gv932T
TLSH T149557E22B2C8F53ED4E60B3A4967A784543F7731A6959C2F57E048CCCE2A2C01A7576F
Reporter abuse_ch
Tags:DanaBot dll

Intelligence

File Origin
# of uploads :
1
# of downloads :
378
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/200269/
Detection(s):
SecuriteInfo.com.Variant.Zusy.399212.2072.1826.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Enabling the 'hidden' option for analyzed file
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
67%
Tags:
danabot evasive zusy
Link:
https://www.filescan.io/uploads/617811659a5a1e91c5d4d8d3/reports/d318ff8e-e129-4d94-9178-168747c7c8d7/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b3715163-33a8-415f-a16d-85b8749b01b9
Result
Threat name:
DanaBot
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/877111
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected DanaBot stealer dll
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 509567 Sample: N2gPTXalzz.dll Startdate: 26/10/2021 Architecture: WINDOWS Score: 76 23 Found malware configuration 2->23 25 Multi AV Scanner detection for submitted file 2->25 27 Yara detected DanaBot stealer dll 2->27 29 C2 URLs / IPs found in malware configuration 2->29 7 loaddll32.exe 2 2->7         started        process3 process4 9 rundll32.exe 1 7->9         started        12 rundll32.exe 1 7->12         started        15 cmd.exe 1 7->15         started        17 rundll32.exe 1 7->17         started        dnsIp5 31 System process connects to network (likely due to code injection or exploit) 9->31 21 185.117.90.36, 443, 49749, 49750 HZ-NL-ASGB Netherlands 12->21 19 rundll32.exe 1 15->19         started        signatures6 process7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f2bf6609d433e579a2bd41c64ba27576f3e82993dc1287a778f7f790814e2a18/
Threat name:
Win32.Trojan.DanaBot
Create hunting rule
Status:
Malicious
First seen:
2021-10-26 14:33:05 UTC
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6k7wmcougpsxtiv5ihdexitvo3z6qkmt3qjipj3y673zbakofima._file
Verdict:
malicious
Result
Malware family:
danabot
Create hunting rule
Score:
  10/10
Tags:
family:danabot banker trojan
Link:
https://tria.ge/reports/211026-rwallsaabp/
Behaviour
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
Danabot
Danabot Loader Component
Malware Config
C2 Extraction:
185.117.90.36:443
193.42.36.59:443
Unpacked files
SH256 hash:
809fcb1dab857749b2d9bed8226389ba5a5cbceb550b4e16435cc7ae01747f44
MD5 hash:
550d4c0d45b9e4ba2bd849a78e4742b8
SHA1 hash:
9b7913e89fd2b37eb685139c4c9bbf884aa9846b
Link:
https://www.unpac.me/results/5fb87f63-d12c-4204-814c-d88241f83809/
SH256 hash:
f2bf6609d433e579a2bd41c64ba27576f3e82993dc1287a778f7f790814e2a18
MD5 hash:
cfda3b14ae9f8db65a2731e219345f6e
SHA1 hash:
a35d0f874e7e85919b99259112c95b99d090155e
Link:
https://www.unpac.me/results/5fb87f63-d12c-4204-814c-d88241f83809/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f2bf6609d433e579a2bd41c64ba27576f3e82993dc1287a778f7f790814e2a18

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

DLL dll f2bf6609d433e579a2bd41c64ba27576f3e82993dc1287a778f7f790814e2a18

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1707747/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/200269/

Comments