MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb1bd527586e3a82d89891d4dc6b925ec1d9ba75110bef638ff852bc14e0496f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



DanaBot


Vendor detections: 9



SHA256 hash: fb1bd527586e3a82d89891d4dc6b925ec1d9ba75110bef638ff852bc14e0496f
SHA3-384 hash: b5c450fc9537a9bbf1adeee582a8dbe6b609b474a663180b27c0d7034c55dced76feb3342be2a2f280995ace77529ad5
SHA1 hash: 3f12923041577250bb53f403aa2bb99bddb7f8d5
MD5 hash: c35560150d0ab1cc58bf8322d0ae4c01
humanhash: nineteen-low-failed-football
File name: c35560150d0ab1cc58bf8322d0ae4c01
Signature: DanaBot
File size: 6'382'592 bytes
First seen: 2022-10-27 18:14:19 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: d6f3b53e54110b981e8d25178c917088 (3 x Tofsee, 3 x Smoke Loader, 2 x RedLineStealer)
ssdeep: 98304:/KTMxu2J7nsKRvR1367Q3K+miKpIFF1kS8pkj8LC/vlnjWhUVmOjrjuaX2co6:CMCKRX3X3pm5poFez0jWhGxr9Gco
Threatray: 15'050 similar samples on MalwareBazaar
TLSH: T1C15633492F12C171CAD64B346E74BEF0B566963A52FB0BB737C075FA1EA45C046B2283
TrID:
  40.3% (.EXE) Win64 Executable (generic) (10523/12/4)
  19.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
  17.2% (.EXE) Win32 Executable (generic) (4505/5/1)
  7.7% (.EXE) OS/2 Executable (generic) (2029/13)
  7.6% (.EXE) Generic Win/DOS Executable (2002/3)
dhash icon: 480c1c4c4f590b14 (113 x Smoke Loader, 92 x RedLineStealer, 83 x Amadey)
Reporter: zbetcheckin
Tags: 32, DanaBot, exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 264
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:
Behaviour
Searching for the window
Creating a file in the %temp% directory
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Creating synchronization primitives
Launching a process
Creating a process with a hidden window
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: evad (evasive)
Score: 76 / 100
Behaviour
Behavior Graph ID: 732320
Sample: 5WnMt1AS4o.exe
Start date: 27/10/2022
Architecture: WINDOWS
Score: 76
Signatures:
  Malicious sample detected (through community Yara rule)
  Antivirus detection for dropped file
  Multi AV Scanner detection for submitted file
  Machine Learning detection for sample
  System process connects to network (likely due to code injection or exploit) [rundll32.exe]
Processes:
  5WnMt1AS4o.exe (started); children: rundll32.exe, WerFault.exe (x2), 5 other processes
  OpenWith.exe (started)
Dropped files:
  C:\Users\user\AppData\Local\...\Dydhshsoe.dll, PE32 (dropped by 5WnMt1AS4o.exe)
  C:\Users\user\AppData\Local\Temp\5WnMt1AS4o, PE32 (dropped by 5WnMt1AS4o.exe)
  C:\ProgramData\Microsoft\...\Report.wer, Unicode (5 copies: one each from the two WerFault.exe instances, three from the 5 other processes)
  2 other malicious files (dropped by the 5 other processes)
Network connections (from rundll32.exe):
  172.86.120.138:443 (source port 49714) NETRANGEUS, United States
  172.86.120.215:443 (source port 49716) NETRANGEUS, United States
  213.227.155.103:443 (source port 49715) LEASEWEB-NL-AMS-01, Netherlands
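The sandbox graph above gives three TCP/443 destinations reached by the rundll32.exe child, and the reporter's comment at the bottom of the page gives the defanged download URL. The following is an added example by the editor, not code from MalwareBazaar or from the sample's reporter: it refangs the URL, builds the network IOC set from the entry, and runs two rules over constructed network-connection events. The key="value" event format (loosely modelled on Sysmon Event ID 3), the events themselves, and the "rundll32.exe to any external host" rule are assumptions of the example; the page only states that a system process connecting to the network was flagged.

```python
"""Detection pass over constructed network-connection events, using the
network indicators on this MalwareBazaar entry.

Added example (editor's own code). The event format is a constructed
key="value" form loosely modelled on Sysmon Event ID 3; the events are
constructed; the rundll32.exe heuristic is the editor's assumption.
"""
import ipaddress
import re
from typing import Dict, Iterable, List, Tuple
from urllib.parse import urlsplit

# Hosts the sandbox graph attributes to the rundll32.exe child (all TCP/443).
SANDBOX_C2 = frozenset({"172.86.120.138", "172.86.120.215", "213.227.155.103"})

# Defanged download URL from the reporter's comment on this entry.
DEFANGED_DOWNLOAD_URL = "hxxp://172.86.120.229/nlaawi.exe"


def refang(url: str) -> str:
    """Reverse the usual defanging conventions so stdlib URL parsing works."""
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    return url.replace("[.]", ".").replace("(dot)", ".").replace("[:]", ":")


def url_host(url: str) -> str:
    """Host component of a (possibly defanged) URL, lower-cased."""
    return (urlsplit(refang(url)).hostname or "").lower()


def network_iocs() -> frozenset:
    """Every destination host this entry names: sandbox C2 plus the download host."""
    return SANDBOX_C2 | {url_host(DEFANGED_DOWNLOAD_URL)}


_FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_event(line: str) -> Dict[str, str]:
    """Parse one key="value" event line into a dict (constructed format)."""
    return dict(_FIELD_RE.findall(line))


def is_external(ip: str) -> bool:
    """True for routable, non-local addresses; False for RFC1918, loopback, etc."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved)


def scan(lines: Iterable[str]) -> List[Tuple[str, str, str, str]]:
    """Return (time, image, destination, reason) for every event that trips a rule."""
    iocs = network_iocs()
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "3":          # only network-connection events
            continue
        image = ev.get("Image", "").rsplit("\\", 1)[-1].lower()
        dst = ev.get("DestinationIp", "")
        dst_str = f'{dst}:{ev.get("DestinationPort", "?")}'
        if dst in iocs:
            hits.append((ev.get("UtcTime", ""), image, dst_str,
                         "destination is a C2/download host listed on the entry"))
        elif image == "rundll32.exe" and is_external(dst):
            # Heuristic (editor's assumption): the sandbox flagged a system
            # process reaching the network as likely code injection.
            hits.append((ev.get("UtcTime", ""), image, dst_str,
                         "rundll32.exe connecting to an external host"))
    return hits


# Constructed events; only the sandbox run date is taken from the entry.
SAMPLE_EVENTS = [
    r'EventID="1" UtcTime="2022-10-27 18:19:58" Image="C:\Users\user\Desktop\5WnMt1AS4o.exe" CommandLine="5WnMt1AS4o.exe"',
    r'EventID="3" UtcTime="2022-10-27 18:20:01" Image="C:\Windows\SysWOW64\rundll32.exe" DestinationIp="172.86.120.138" DestinationPort="443"',
    r'EventID="3" UtcTime="2022-10-27 18:20:02" Image="C:\Program Files\Google\Chrome\Application\chrome.exe" DestinationIp="8.8.8.8" DestinationPort="443"',
    r'EventID="3" UtcTime="2022-10-27 18:20:03" Image="C:\Windows\SysWOW64\rundll32.exe" DestinationIp="10.0.0.5" DestinationPort="445"',
    r'EventID="3" UtcTime="2022-10-27 18:20:04" Image="C:\Windows\SysWOW64\rundll32.exe" DestinationIp="185.199.108.153" DestinationPort="443"',
    r'EventID="3" UtcTime="2022-10-27 18:20:05" Image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" DestinationIp="172.86.120.229" DestinationPort="80"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(*hit, sep=" | ")
```

Of the six constructed events, three trip a rule: the rundll32.exe connection to a listed C2 address, the rundll32.exe connection to an unlisted external host (heuristic only), and the PowerShell connection to the download host from the comment. The internal SMB connection from rundll32.exe and the browser traffic are left alone, which is the point of the external-address check: a bare "rundll32 touched the network" rule would be far noisier.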
Threat name: Win32.Trojan.MintZard
Status: Malicious
First seen: 2022-10-27 19:31:13 UTC
File Type: PE (Exe)
Extracted files: 22
AV detection: 22 of 25 (88.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Checks processor information in registry
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Suspicious use of SetThreadContext
Checks computer location settings
Loads dropped DLL
Blocklisted process makes network request
Unpacked files
SHA256 hash:
ed86166820b688257e20228b10829692b789219f7d18834952c5a8e4788a85af
MD5 hash:
a0512d0429ae872e2cb39f4493093576
SHA1 hash:
2de5bc462214f11a8caed97a885fe9e2e7862c9a
SHA256 hash:
488f12584ed398c65a8a574cda4f902a5743cd62eb8f5e46f36cc52bc894f96f
MD5 hash:
6fab9aed76a0a2d80b5231afc77dfbe5
SHA1 hash:
e30a06d9f289f25d0998e6daea9c93a69daa178b
SHA256 hash:
3a1e833c3b4f5a5052bb7a72243537370843621641fea2eedb6f53db93bf9b1f
MD5 hash:
6effb0bd7341c40a7c7f0503b37cccd9
SHA1 hash:
c6f528b1bff7f379625a7c738e960917e8f215ba
SHA256 hash:
1e0ed2ee99195ef2a03317d2a8052923568c26dc732b625b4e3cff6db1e1f455
MD5 hash:
753e816f108da0a7910094e3247fb762
SHA1 hash:
797b006812c54cff63791894230567d305f60d61
SHA256 hash:
d927aed98605099bcb0222c6b395b8a27e697464dc33315d085f4e53a04399c8
MD5 hash:
d620c89c26677a85689634e2a62de328
SHA1 hash:
11e09c0bea122b1b00ac427ef9343699b88d5595
SHA256 hash:
0b0e3f888d5bcbdaaa979743850582cf70b27c03df6eb724372f9c6e005d7402
MD5 hash:
849a17c32b4c205041ee67c0a0c54693
SHA1 hash:
3b544889a77299b86f3acdc3b1d40534d7c0563b
SHA256 hash:
837196a4ef61f845a1f98b33af2e538bf828c3870e83fa815a8e80b4bbab41c5
MD5 hash:
ba340d81a431f3d9cf721c2225b60236
SHA1 hash:
f40f192a81e2606a8b3baef14943349d89af5b06
SHA256 hash:
a7ee7f1371bd00bc419d5211b3a6679c0bef535bdf0cac27589348d9369e6f7a
MD5 hash:
374d04988af1ef318761a02c4b0749a6
SHA1 hash:
5bb34cf03cc0210ca9a6a259f9cba15b92f77370
SHA256 hash:
085309cc08e0ef57a7164908ac16088ad460ce99a4b830908c8468b1d5ffbdcf
MD5 hash:
477c27d55e7b2d3e011ff3ada195044a
SHA1 hash:
43269a904a4aea34e60305a7243afbc35d49aa51
SHA256 hash:
38ddd536e045dd9f0e2dfdf803f6ce2912eba172f82d97bfa0f67a2f82223691
MD5 hash:
7cd1a72efd89d4dd39829870036e375d
SHA1 hash:
5116586bbe5c581e8a04f41f94fc4862886f4689
SHA256 hash:
5e2fadacce5158b0729e36a837d21ef1c6e6e11261dbf77537aec9c8c4234655
MD5 hash:
bf71b86f78910460f26a56efc0e5db75
SHA1 hash:
907acdbe95402fd6b7b9f9738658d9386f3fc25d
SHA256 hash:
6ab17e72fee2696c37013b4a6a296baa0a7097c599b49a8e8c58d1c94d4a9733
MD5 hash:
232c3fee3ce133d4fcef21682f7748b1
SHA1 hash:
71f01bc24dc0d839792561e487f3aea82606f32c
SHA256 hash:
59bfdad27fb7143a369e5257bdd7ecefa4649e163446c3de26804507966e649e
MD5 hash:
e9ea13bd9169b547108326c302b4d7e8
SHA1 hash:
2175213de1e9c0c6d67c8289eaee0053e5cf04ba
SHA256 hash:
6ba193eb338bd04d2b44d7bb7a8103aafd6bb5d41bfb862e5dbf11ede24fccb8
MD5 hash:
26076fa9c33c32e88ffd9a766a4cdf5b
SHA1 hash:
b4fa38db911abcaf8cca3392eca194bad2a63ad7
SHA256 hash:
c26a533db6f7d3c2210a112a49dc5ae6378ea26e206167de743af04b983a22d4
MD5 hash:
549f04b80b97541d907bb0566be23d98
SHA1 hash:
6cce55535c683b384593072511d287ce1577e200
SHA256 hash:
ab2f24424aafd73a7cd4487f13d979d21b3fab43fbf5bb251770695458d04eca
MD5 hash:
572812fadd987a7bd3c616e06f8b2bbd
SHA1 hash:
2ceda4b1258f5c74a47b9145f359dbca1b5c725e
SHA256 hash:
178fda21ea0136d3335401b991bef7f0683ea9ef21a87bde6f694d1c37033ee5
MD5 hash:
13d308ccb60f7b486339cb60b2a8239c
SHA1 hash:
9b2717de9192625f2c2f73c73c82de0d13b5fd3b
SHA256 hash:
46c19b3adea367428cd49c043ea7b763eb0606458ba616e7a3eea53d0be04314
MD5 hash:
2c8857e2a951fec7c650b6a2e02d51eb
SHA1 hash:
c02125731da68f50559014c18e32f1913ef22350
SHA256 hash:
66f05e3401361bbca9401ca4ff43c8ff03164518cb3b48e15800498f499803bf
MD5 hash:
669f6ac00a691cc33bb0449745680d0e
SHA1 hash:
f23278cd3dc50279b314b2e4392ca5b9d1339d88
SHA256 hash:
f6427ce2d289415802b00e2a3dd59f2c87384a62bf05a732a9e272ed27dc545a
MD5 hash:
c3692c3eda2f1051f4c99433a9552a52
SHA1 hash:
625cdaeb9329bfecbf17ef54a08c9ab2da909068
SHA256 hash:
c5c5a1c5516ad55699370d595a2bcd325056c73dd58382238bdd17fc04514ae7
MD5 hash:
4d5565430f08bc06a38a8e8eed55b739
SHA1 hash:
22951d8199525b51632586250145e815f824d174
SHA256 hash:
dc7eee62afdaacadac69c30317d3a08dddd46e86bb8930697b39e247a51c7f8b
MD5 hash:
60261299e3b5de23782bc5408b705723
SHA1 hash:
bc9b0fc76b153a246c6a617510877e57e72fa9b7
SHA256 hash:
4d771a31a48e9a92d4fca5faf367ddf5bfcd74cd6c3fde8a67dca8888d6b5f12
MD5 hash:
9046319d34e0174a450c8d6c870b4fbd
SHA1 hash:
f57bda1a850042170ce6e43a147d2cdc5411928e
SHA256 hash:
7a39e8f4fb876ece140008d7a0abe72f047997dfa0903f77fbe3a55e4c43e88c
MD5 hash:
f485bbae622cc3b26bc28fd5c43ec334
SHA1 hash:
5cd8773b952918a1379beaed7fb0a4d485f1a989
SHA256 hash:
8b5e3442c6f5cdd83308861de9f4c85dbfff7fd2b8f276fae7045957f08edb2b
MD5 hash:
d16efc3d1ca2785f4549e7974951b99d
SHA1 hash:
f25939e8f96406299f456752599567984f60e5c4
SHA256 hash:
e7cace5b2d6bd8cb49035b6c459eb023d9c38e5ffb03e7f88c50aaa1e6265d79
MD5 hash:
3d9db8937fdf93ffaded71494d08510c
SHA1 hash:
4ac3d2bf56ae277cd4b292423e97fdb37ee45695
SHA256 hash:
fb1bd527586e3a82d89891d4dc6b925ec1d9ba75110bef638ff852bc14e0496f
MD5 hash:
c35560150d0ab1cc58bf8322d0ae4c01
SHA1 hash:
3f12923041577250bb53f403aa2bb99bddb7f8d5
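Before analysing a download, check it against the identifiers at the top of this entry (MD5, SHA1, SHA256, SHA3-384 and the 6'382'592-byte size), and check any file carved from a sandbox run against the unpacked-file list above, which ends with the submitted sample itself. The following is an added example by the editor, not code from MalwareBazaar: it streams a file through all four digests once, reports every field that disagrees with the entry (a truncated or re-archived download shows up as a size and digest mismatch), and classifies a SHA256 as the sample, one of its unpacked files, or unknown. Assumptions: only three of the unpacked SHA256 values are embedded, as an illustrative subset of the list above, and the bytes hashed in the demo are constructed and unrelated to the real sample. A caveat on the label: the DanaBot signature on this entry is the reporter's tag; the vendor results above return Unknown, Win32.Trojan.MintZard and n/a, and the only family-specific YARA hit below is Elastic's Smokeloader rule, so the hashes, not the family name, are what to pivot on.

```python
"""Verify a downloaded sample against the identifiers on this MalwareBazaar
entry, and classify a file's SHA256 against the entry's unpacked-file list.

Added example (editor's own code). UNPACKED_SHA256 is an illustrative
subset of the entry's list; the demo bytes are constructed.
"""
import hashlib
from typing import Dict, Iterable, Optional

# Identifiers of the submitted sample as listed on the entry.
SAMPLE: Dict[str, object] = {
    "size": 6382592,
    "md5": "c35560150d0ab1cc58bf8322d0ae4c01",
    "sha1": "3f12923041577250bb53f403aa2bb99bddb7f8d5",
    "sha256": "fb1bd527586e3a82d89891d4dc6b925ec1d9ba75110bef638ff852bc14e0496f",
    "sha3_384": "b5c450fc9537a9bbf1adeee582a8dbe6b609b474a663180b27c0d7034c55dced"
                "76feb3342be2a2f280995ace77529ad5",
}

# Subset of the unpacked-file SHA256 list on the entry (illustration only).
UNPACKED_SHA256 = frozenset({
    "ed86166820b688257e20228b10829692b789219f7d18834952c5a8e4788a85af",
    "488f12584ed398c65a8a574cda4f902a5743cd62eb8f5e46f36cc52bc894f96f",
    SAMPLE["sha256"],   # the entry lists the submitted file among its unpacked files
})

DIGESTS = ("md5", "sha1", "sha256", "sha3_384")


def digests(chunks: Iterable[bytes]) -> Dict[str, object]:
    """Stream data once through all four hashes; returns hex digests plus size."""
    hashers = {name: hashlib.new(name) for name in DIGESTS}
    size = 0
    for chunk in chunks:
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    out: Dict[str, object] = {name: h.hexdigest() for name, h in hashers.items()}
    out["size"] = size
    return out


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, object]:
    """Hash a file from disk without loading all of it into memory."""
    def chunks():
        with open(path, "rb") as f:
            while True:
                buf = f.read(chunk_size)
                if not buf:
                    return
                yield buf
    return digests(chunks())


def verify_sample(observed: Dict[str, object],
                  expected: Dict[str, object] = SAMPLE) -> Dict[str, tuple]:
    """Compare observed size/digests with the entry.

    Returns {field: (expected, observed)} for every mismatch; an empty dict
    means the file is byte-identical to what the entry describes.
    """
    return {k: (expected[k], observed.get(k))
            for k in expected if observed.get(k) != expected[k]}


def classify(observed: Dict[str, object]) -> Optional[str]:
    """'sample' for the submitted file, 'unpacked' for one of the entry's
    unpacked files, None otherwise."""
    sha = observed.get("sha256")
    if sha == SAMPLE["sha256"]:
        return "sample"
    if sha in UNPACKED_SHA256:
        return "unpacked"
    return None


if __name__ == "__main__":
    # Constructed stand-in; a real run would use digests_of_file("sample.exe").
    fake = digests([b"MZ" + b"\x00" * 62, b"constructed, not the real sample"])
    print(classify(fake))                 # None: not anything the entry lists
    print(sorted(verify_sample(fake)))    # every field mismatches
```

Hashing all four digests in one pass matters for a 6 MB file only mildly, but the same routine is what you point at a sandbox's dump directory, where `classify` separates files the entry already knows about from new material worth a closer look.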
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: pdb_YARAify
Author: @wowabiy314
Description: PDB

Rule name: Windows_Trojan_Smokeloader_3687686f
Author: Elastic Security

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: DanaBot
File: Executable exe fb1bd527586e3a82d89891d4dc6b925ec1d9ba75110bef638ff852bc14e0496f (this sample)

Comments



zbet commented on 2022-10-27 18:14:24 UTC

url: hxxp://172.86.120.229/nlaawi.exe