MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b942c73fa2018c9a8ae7679306606f38eaaa9e6f8e223ebc87c78ec71678a54. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 3

SHA256 hash: 0b942c73fa2018c9a8ae7679306606f38eaaa9e6f8e223ebc87c78ec71678a54
SHA3-384 hash: bee60023e16a609439f193ff03c6d2561406d3f241fb631897c2b34483f0e66aba5d29d1dfd3e8857b20ae6cf74066a4
SHA1 hash: 4497a7d14e2b0ae9b7b57d8b1c250c3474cff202
MD5 hash: 16ea930932d1ea621459fdbd296a6119
humanhash: snake-oxygen-river-uranus
File name: a4c19223be175627db54111091437f3c
File size: 212'992 bytes
First seen: 2020-11-17 14:31:59 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep: 3072:/xt0i8vsC6+JlwzH53pcn4zsfrykIhE4pLthEjQT6j:KvsC6uwzZ3pdgjrCEkEj1
Threatray: 162 similar samples on MalwareBazaar
TLSH: 6C248DF2F697C282E0B79A3C5BED71761B97BC119B32411BB648779EAC769504C31340
Reporter: seifreed

Intelligence

File Origin
# of uploads: 1
# of downloads: 55
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the Windows subdirectories
Running batch commands
Creating a process with a hidden window
Creating a process from a recently created file
Creating a file in the Windows directory
Launching the default Windows debugger (dwwin.exe)
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun by creating a file
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-11-17 14:32:33 UTC
AV detection: 26 of 28 (92.86%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Windows directory
Drops file in System32 directory
Adds Run key to start application
Drops startup file
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other
