MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0cad84b3e79d393c7eee41f9d14a1f8ebbeffca24911c63814f3ce1bf1c0523b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 0cad84b3e79d393c7eee41f9d14a1f8ebbeffca24911c63814f3ce1bf1c0523b
SHA3-384 hash: 9a1ae612ab9beb1aeac9c57c9e8486a0b1f66a4546d8fba9603d648abc8d8a9b63101ae9ba7f22ee07abf281fed3b20c
SHA1 hash: 47f2ad8b4e025be23cd2bd8681af46ed629e2ce6
MD5 hash: a36dbfd5acd5e48995e6876287424445
humanhash: utah-carpet-paris-jig
File name: a36dbfd5acd5e48995e6876287424445
File size: 212'992 bytes
First seen: 2020-11-17 15:29:31 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep: 3072:RhWzi7s/Jkug/mBHRasCyKY11XW20ALAE5NPp5+T2WM/+Y4pLthEjQT6j:RhYSJ/mlMWKY11mpE5Bp5+aWSkEj1
Threatray: 187 similar samples on MalwareBazaar
TLSH: E3248E02B1C0D89BD9B316700AF396949A7EFC31EB63811FB240772EEC36BA54A71755
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Creating a file in the Windows subdirectories
Running batch commands
Creating a process with a hidden window
Launching the default Windows debugger (dwwin.exe)
Creating a process from a recently created file
Creating a file in the Windows directory
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-11-07 18:56:18 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
