MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a1361c3f9dbc71635ad46d04ee0ad66c78728294d9de113b9eaf13392201762. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AnchorDNS


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0a1361c3f9dbc71635ad46d04ee0ad66c78728294d9de113b9eaf13392201762
SHA3-384 hash: d5975000f8b129c315bda4f8da458962e51de0f9ac06badd71cd7bafeaa3da42fa1c7c42a09689084f6c8123aca2b007
SHA1 hash: 2610c8fecbfe3c1d3272dff007191dbdecec99b8
MD5 hash: a4289ae6b373bccf320ff67b25dd8ab0
humanhash: fix-johnny-india-green
File name:0a1361c3f9dbc71635ad46d04ee0ad66c78728294d9de113b9eaf13392201762
Download: download sample
Signature AnchorDNS
Create hunting rule
File size:352'256 bytes
First seen:2021-11-26 18:54:59 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 485b95ed0c69eb8b816da620685cf220 (2 x AnchorDNS)
ssdeep 6144:HbnezFzrzW3fGZfWr2EzJLTe6SoOxp/TusZ84:HL4xfWrZTBM6A
Threatray 2 similar samples on MalwareBazaar
TLSH T1D1748D25E254486CE41AC5798973D211EAF23C460F72B6EF23D507273E36BA47A7E312
Reporter Anonymous
Tags:AnchorDNS exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
201
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
0a1361c3f9dbc71635ad46d04ee0ad66c78728294d9de113b9eaf13392201762
Verdict:
No threats detected
Analysis date:
2021-11-26 18:56:37 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/a3bfb54b-54cd-4ee7-bc40-436a3380c51e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
80%
Tags:
greyware razy
Link:
https://www.filescan.io/uploads/61a12d8902c80febc2aa792f/reports/9815437f-c862-4511-8bfe-108bb245c689/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
BazarLoader
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/8d5fa7d6-d43c-445a-83e7-be9cb3606353
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/896930
Signature
Creates files in alternative data streams (ADS)
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 529408 Sample: z16puTXjyg Startdate: 26/11/2021 Architecture: WINDOWS Score: 72 37 visioblum.com 2->37 39 majestig.com 2->39 41 3 other IPs or domains 2->41 49 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->49 51 Multi AV Scanner detection for submitted file 2->51 53 May check the online IP address of the machine 2->53 8 loaddll64.exe 1 2->8         started        10 rundll32.exe 1 2->10         started        15 rundll32.exe 2->15         started        17 7 other processes 2->17 signatures3 process4 dnsIp5 19 rundll32.exe 2 8->19         started        23 rundll32.exe 8->23         started        25 cmd.exe 1 8->25         started        27 5 other processes 8->27 43 majestig.com 10->43 45 checkip.eu-west-1.prod.check-ip.aws.a2z.com 3.251.31.47, 49716, 80 AMAZON-02US United States 10->45 47 2 other IPs or domains 10->47 35 C:\Users\user\Desktop\z16puTXjyg.dll: data, very 10->35 dropped 61 System process connects to network (likely due to code injection or exploit) 10->61 file6 signatures7 process8 file9 31 C:\Users\user\...\z16puTXjyg.dll:  $file, ASCII 19->31 dropped 33 C:\Users\user\...\z16puTXjyg.dll:  $data, ASCII 19->33 dropped 55 Creates files in alternative data streams (ADS) 19->55 57 System process connects to network (likely due to code injection or exploit) 23->57 59 May check the online IP address of the machine 23->59 29 rundll32.exe 25->29         started        signatures10 process11
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0a1361c3f9dbc71635ad46d04ee0ad66c78728294d9de113b9eaf13392201762/
Threat name:
Win64.Trojan.AnchorDNS
Create hunting rule
Status:
Malicious
First seen:
2021-11-26 18:55:11 UTC
File Type:
PE+ (Dll)
Extracted files:
1
AV detection:
19 of 28 (67.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bijwdq7z3pdrmnnni3ie5yfnm3dyokbjjwo6ce5z5lytherac5ra._file
Verdict:
malicious
Similar samples:
1f8c9e1da84b788d49b60ea77f051f426c3f4f3bc5b05458d5249ddbeb904b3f
AnchorDNS
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/211126-xkr96shcg2/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Drops file in System32 directory
Unpacked files
SH256 hash:
0a1361c3f9dbc71635ad46d04ee0ad66c78728294d9de113b9eaf13392201762
MD5 hash:
a4289ae6b373bccf320ff67b25dd8ab0
SHA1 hash:
2610c8fecbfe3c1d3272dff007191dbdecec99b8
Detections:
win_anchor_a0
Create hunting rule
Link:
https://www.unpac.me/results/b9022335-c821-4355-bb43-2cf5cfc5a2b3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0a1361c3f9dbc71635ad46d04ee0ad66c78728294d9de113b9eaf13392201762

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments