MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7eaf1d4d20b405c4cc1209b5c2c3a63f2db9201b09e33979b9677738150a94bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7eaf1d4d20b405c4cc1209b5c2c3a63f2db9201b09e33979b9677738150a94bd
SHA3-384 hash: 7dad58dd536685604e5ea0912251975292d695d27ab99ea15c66a9f6a1279d73e6c20470ea630089cfd56ec6161b4ab6
SHA1 hash: 5f037a60e52cb6df98791b62d3437b5a612d6495
MD5 hash: 7c67f727f691209674df2607c5a6c429
humanhash: steak-wyoming-angel-oregon
File name:hor.exe
Download: download sample
File size:601'600 bytes
First seen:2020-06-05 04:59:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 29b240d4c4ec3c9e4109ff572d35e999 (1 x BuerLoader)
ssdeep 12288:xD4mQ4b8WTu//Haab9tAIABL2QeQvedEAt:xj58Wc/6asB9edvt
Threatray 39 similar samples on MalwareBazaar
TLSH 7AD412C072A0A12FC456513065D1B6946BEEBC6139E0459B23583BEF2E74AF087EE773
Reporter JoulK
Tags:exe hvnc

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.DanaBot
Create hunting rule
Status:
Malicious
First seen:
2020-06-05 00:44:52 UTC
File Type:
PE (Exe)
Extracted files:
42
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
07fd393e36e2519dda8edff80b6c629347586a628d70103d0cb425ba5c6cd0b9
1f6a8fd32a14dd74a23ad8e588d3543120b254290283d6092693d564ea0fc265
26cb425375a7613736c367866d0b79b8b7d8845437ec88e87bc83146445f892e
2a0ff145da991dbd3443cc260e9e8dcb9bcd61ec6868d80b81c77145eddc44a8
40ac8e128b78d30d49accda865a6ca90a23cf7b7e5f31042c7df55a9fe1b5af4
50ca73e510646ea1534f248099ce844f7f6178adb93055f8459ec07645f48e79
94746ac2df9974eeb567f552a74aa0c2329e60416f3232b85f11ca1a0e0b696b
b1edf0682b7141bf0f7bc1f18a02e74d3b81e2d03aa7427d81761267eabb57d5
b3d36e86a478b5223968e34ca51bff54002eb9b1a01ef26d8b657d49dd4dd831
e2d6b8bc603260f1a7564a044523d230c31c8d873deabb579cae90b88f1b92b9
+ 29 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-z4frsypcts/
Behaviour
Suspicious behavior: RenamesItself
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments