MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1db576944171f8d00f7ca52b3f5fb0a7f97067a3c5d33f1942a0cc5f6961793a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1db576944171f8d00f7ca52b3f5fb0a7f97067a3c5d33f1942a0cc5f6961793a
SHA3-384 hash: 70308f2da265e20de20a555c6d192521472c83923c42bb0fb2b9deadbf0c504d14369239a08ea092fbbfa199b7631fd1
SHA1 hash: 5ca4599cf76f0fa9004e593e17a66fc8a60cbae0
MD5 hash: a93af6cf8c894ee9709a4cff41cf9539
humanhash: gee-mike-louisiana-edward
File name:a93af6cf8c894ee9709a4cff41cf9539
Download: download sample
File size:212'992 bytes
First seen:2020-11-17 15:54:18 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep 3072:YH0qL5SuoUmeN+v9jlsPqzcyaRKHZgW/zaKAs5XwSB2Ugd31ctmPHccWHE/QL2Ev:YUqFgHgdlUYQB6IaBxncAVRMzImnkEj1
Threatray 186 similar samples on MalwareBazaar
TLSH 3D248B00B595C417E16B073588E6DF606AE67C31BFA2422B7D0533DE4BF265188EEFA4
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
56
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Razy-9759519-0
Create hunting rule

Win.Malware.Zusy-9759529-0
Create hunting rule

Win.Trojan.Agent-1381405
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the Windows directory
Running batch commands
Creating a process with a hidden window
Launching the default Windows debugger (dwwin.exe)
Creating a process from a recently created file
Creating a file in the Windows subdirectories
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/543572
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Drops executables to the windows directory (C:\Windows) and starts them
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 320884 Sample: peuvJhvnSP.exe Startdate: 20/11/2020 Architecture: WINDOWS Score: 80 86 Antivirus / Scanner detection for submitted sample 2->86 88 Multi AV Scanner detection for submitted file 2->88 90 Machine Learning detection for sample 2->90 92 PE file has a writeable .text section 2->92 14 peuvJhvnSP.exe 3 2->14         started        process3 file4 80 C:\Windows\SysWOW64\LPI.exe, PE32 14->80 dropped 82 C:\Windows\SysWOW64\LPI.exe.bat, ASCII 14->82 dropped 17 cmd.exe 1 14->17         started        19 WerFault.exe 23 9 14->19         started        process5 dnsIp6 23 LPI.exe 3 17->23         started        27 conhost.exe 17->27         started        84 192.168.2.1 unknown unknown 19->84 66 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 19->66 dropped file7 process8 file9 72 C:\Windows\SQOYUCP.exe, PE32 23->72 dropped 74 C:\Windows\SQOYUCP.exe.bat, ASCII 23->74 dropped 106 Antivirus detection for dropped file 23->106 108 Machine Learning detection for dropped file 23->108 110 Drops executables to the windows directory (C:\Windows) and starts them 23->110 29 cmd.exe 1 23->29         started        31 WerFault.exe 19 9 23->31         started        signatures10 process11 process12 33 SQOYUCP.exe 3 29->33         started        37 conhost.exe 29->37         started        file13 62 C:\Windows\VACYWD.exe, PE32 33->62 dropped 64 C:\Windows\VACYWD.exe.bat, ASCII 33->64 dropped 94 Antivirus detection for dropped file 33->94 96 Machine Learning detection for dropped file 33->96 98 Drops executables to the windows directory (C:\Windows) and starts them 33->98 39 cmd.exe 1 33->39         started        41 WerFault.exe 33->41         started        signatures14 process15 process16 43 VACYWD.exe 3 39->43         started        47 conhost.exe 39->47         started        file17 76 C:\Windows\System\OMKJ.exe, PE32 43->76 dropped 78 C:\Windows\System\OMKJ.exe.bat, ASCII 43->78 dropped 114 Antivirus detection for dropped file 43->114 116 Machine Learning detection for dropped file 43->116 118 Drops executables to the windows directory (C:\Windows) and starts them 43->118 49 cmd.exe 43->49         started        51 WerFault.exe 43->51         started        signatures18 process19 process20 53 OMKJ.exe 49->53         started        57 conhost.exe 49->57         started        file21 68 C:\Windows\System\TNENQG.exe, PE32 53->68 dropped 70 C:\Windows\System\TNENQG.exe.bat, ASCII 53->70 dropped 100 Antivirus detection for dropped file 53->100 102 Machine Learning detection for dropped file 53->102 104 Drops executables to the windows directory (C:\Windows) and starts them 53->104 59 cmd.exe 53->59         started        signatures22 process23 signatures24 112 Drops executables to the windows directory (C:\Windows) and starts them 59->112
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1db576944171f8d00f7ca52b3f5fb0a7f97067a3c5d33f1942a0cc5f6961793a/
Threat name:
Win32.Trojan.Aenjaris
Create hunting rule
Status:
Malicious
First seen:
2020-11-08 09:48:00 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0c5f5359cc0e057e46205acd94e818b293d8ccd1211b86c07b4bbcd68fa8a1dd
3489890a5ab8bae3ddf84a826ba98c48fab102defcd3d727c6450a8bbb757fbc
431e04000c1801546db8cf059a636154715eb3ff7f6d715a15f91ac8f94979a0
5bb5f84071d0caa80fdf283d990b37c4a796e97e12f37e4f0a875e3f7a738877
6bd4a889a26f81775904f7f53a6761ff920d866d04746a4fd7e551d1a9318b4f
723e74207d4c2b27c194e0ec3e8cdf7c14f2a97aaf1dbd25b5a658cfa4b8d054
784c771b4eeaaf909fba8a13576fa117604ce9bc5e6131b9352888ba6aed77a7
900d305e4eb3d0b0f7fce699b867f0a2edab7d51e22e942a0a2b4ea81a982aad
b6044b2b797251efc478605cb644dff4b82604b0aee001d76cfcae945520b127
fa86d2cd7e9281b198093a0a310c18b326c3dfbeaeb61d7e8ebd7be8a9f8d342
+ 176 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/201117-y7yk3ktqme/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Windows directory
Drops file in System32 directory
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
1db576944171f8d00f7ca52b3f5fb0a7f97067a3c5d33f1942a0cc5f6961793a
MD5 hash:
a93af6cf8c894ee9709a4cff41cf9539
SHA1 hash:
5ca4599cf76f0fa9004e593e17a66fc8a60cbae0
Link:
https://www.unpac.me/results/f567f6c6-4850-4345-afe7-6d89538b87c8/
SH256 hash:
86b7038dea3c4237b805f7395208d189c2c6218e0d0780ed9f71fca6977bb8f0
MD5 hash:
071566758cb26f8c63bef097bf79f483
SHA1 hash:
34a443e4793b0bf0624d1b7ce35e1fed61b6e1bb
Link:
https://www.unpac.me/results/f567f6c6-4850-4345-afe7-6d89538b87c8/
SH256 hash:
92a8d0867f060cb0484c102237a8279e7b81db9b91d210ce8bd8b1353560605d
MD5 hash:
45d0b140ff659a19bd85af564d091e00
SHA1 hash:
f3ef1eebf5fa137657e96481454e202cf9f5bc84
Link:
https://www.unpac.me/results/f567f6c6-4850-4345-afe7-6d89538b87c8/
SH256 hash:
7c0b44c3d7f1966c8b2c804b4a8ef0766906ad93ae2465117063581e99853acd
MD5 hash:
7e19cf76ae7c88cd0278cad397b06e23
SHA1 hash:
8a0c438a867a6109a36c83423904ee3cf08f6766
Link:
https://www.unpac.me/results/f567f6c6-4850-4345-afe7-6d89538b87c8/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments