MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0442d6172e1b01552d3120027e608f0c813389a9c7276399f53e0b051288f4d0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	0442d6172e1b01552d3120027e608f0c813389a9c7276399f53e0b051288f4d0
SHA3-384 hash:	1daa70f8b1bd133b4d556496208d8a114fbeef3ef6c50fc0372a0c54d820b9f0a3b3cfb537f52ffede8ed5205ca22347
SHA1 hash:	b4732b191158ef5367ac0bc53c2d5ac9f3166144
MD5 hash:	4ff79aacf4ebd12b3264fc1e798932c0
humanhash:	undress-oklahoma-mexico-lithium
File name:	0442d6172e1b01552d3120027e608f0c813389a9c7276399f53e0b051288f4d0
Download:	download sample
File size:	212'992 bytes
First seen:	2020-11-07 22:27:16 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep	3072:dyzSAPc+9ymNs8kMDu/4hTQKfiObPzb+E6E7Wz7cC9yJFJW4pLthEjQT6j:dcLP/nNsT4hTQKfiObPJr29CWkEj1
Threatray	16 similar samples on MalwareBazaar
TLSH	47247A48BA68CA13E767063048F0C3BA6AFDFD915FA5933B794533AC4C7265C48E3661
Reporter	seifreed

Intelligence

File Origin

# of uploads :

1

# of downloads :

88

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.Razy-9759519-0

Win.Malware.Zusy-9759529-0

Win.Trojan.Agent-1381405

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Creating a file in the Windows subdirectories

Running batch commands

Creating a process with a hidden window

Launching the default Windows debugger (dwwin.exe)

Creating a process from a recently created file

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0442d6172e1b01552d3120027e608f0c813389a9c7276399f53e0b051288f4d0/

Threat name:

Win32.Trojan.Aenjaris

Status:

Malicious

First seen:

2020-09-27 07:36:00 UTC

AV detection:

28 of 29 (96.55%)

Threat level:

5/5

Verdict:

unknown

Similar samples:

1a93cf78a6d4918994f0be8b3274699d8e1d5e63fe545421c64c2471bfe72b04

2e93116e3d1711bdb935538502d6dd229e13e16bc8ef555a71289a150aed17e1

324187c87edf4d100fd962f026828b0d838505120db40430fe471242f4b1522a

4e24bef504680e9e50789cc91152b566d5203a396044ba599baa57d8725d3db4

7032d75528fb43e62f05145e67531fd265917263438c70d206e4d6618ed46595

73d58375aa520c069350d52076feb7f6932664d54b879658f73c584b618b473b

7e5e490596ac07c6ab480f9417e9d602d507dc95043f3deb8dec54d505a806ef

aca74c0ff8bb942780f7c8a68545e056ee5b3c28ef3fb7c3bc91c2dfc2b0de36

b8a835417aa6b34057119f4f27b6dd467923f0cf5ecb56e01f7299c154516dd4

ed3a2eadc4f34ceda21234a71c74e18e95e673976f9277f3268c5c80930908bc

+ 6 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

n/a

Link:

https://tria.ge/reports/201108-kxcqb1v5mn/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Program crash

Drops file in Windows directory

Drops file in System32 directory

Loads dropped DLL

Executes dropped EXE

ServiceHost packer

Suspicious use of NtCreateProcessExOtherParentProcess

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample