MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d79f91336f0fc3d8f014336ce0edac79cf7c3f504e7e537241e30efe79356c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 1d79f91336f0fc3d8f014336ce0edac79cf7c3f504e7e537241e30efe79356c8
SHA3-384 hash: adcd18b08427e76d2e20e2290dfc2bc011d64099fe2544f45636fa435e970ea150a93acf7cb4f6aa7a4153004fc0f7f4
SHA1 hash: 598fe4c3f640f53a5465070105a83d5df820d929
MD5 hash: 536f76c2b0a29fc622ce63360f8a0288
humanhash: michigan-chicken-juliet-avocado
File name: 536f76c2b0a29fc622ce63360f8a0288
File size: 212'992 bytes
First seen: 2020-11-17 11:52:49 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep 3072:yRk/V0Ar50ZMB3yjokWHSdnWFOE7ge4N4pLthEjQT6j:0kt0Ar5iMB4okWHSddE7lYkEj1
Threatray 129 similar samples on MalwareBazaar
TLSH 6E24AE1170C2C692D0B73F758CD68AE40E267E626F7BA21BB59337EF68727824C60751
Reporter seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 51
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Creating a file in the Windows subdirectories
Running batch commands
Creating a process with a hidden window
Creating a process from a recently created file
Creating a file in the Windows directory
Launching the default Windows debugger (dwwin.exe)
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun by creating a file
Result
Verdict: 0
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-10-04 10:44:00 UTC
AV detection: 28 of 29 (96.55%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Windows directory
Drops file in System32 directory
Adds Run key to start application
Drops startup file
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other

Comments