MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 347cb099e70226ad94dd881735ef3939a47b8bbcd2316cc1aa4a6678a7702867. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 347cb099e70226ad94dd881735ef3939a47b8bbcd2316cc1aa4a6678a7702867
SHA3-384 hash: f67800a7e4551d6538e2b175b74270f371add630d75b6d9ffac8e119c3f466c7c9122cd9693676a714668b8cd0df59b9
SHA1 hash: 8d55bea58a0397e0feca7d6b058f7551f82a3ba5
MD5 hash: 1d9a9b12464c9114324343865f881141
humanhash: avocado-aspen-oranges-iowa
File name: a2afd8dce5e315be4e9154a71501affe
File size: 212'992 bytes
First seen: 2020-11-17 11:24:06 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep 3072:tAvDKT93pajyMb/0Hw0FIqp8dWB7X7PZD/rQmb4pLthEjQT6j:tq693pej0WwH5xbkEj1
Threatray 54 similar samples on MalwareBazaar
TLSH BD247C4036F185E6D0BB173815E2CB631AE1BE22ABB5931BFB14772D6A733419C16F24
Reporter seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the Windows subdirectories
Running batch commands
Creating a process with a hidden window
Launching the default Windows debugger (dwwin.exe)
Creating a process from a recently created file
Result
Verdict: 0
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-11-17 11:25:06 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Windows directory
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
