MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3b7845e9dae733158cb3b642b1e44df47a791db693c29627658d772a7b1b0b26. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown

Vendor detections: 3

SHA256 hash: 3b7845e9dae733158cb3b642b1e44df47a791db693c29627658d772a7b1b0b26
SHA3-384 hash: d8d0da5f6d33eb254af334aa122c03c732345a767b523ca6dba172fbc7baaecb8fcb71111722a0818ef8dba5a3e2c6f2
SHA1 hash: 6436b3f24df84cbb94cea8554da488d0886034a3
MD5 hash: a083e9a13fbb49bb81c0fe8b6a3b856d
humanhash: white-coffee-fix-wisconsin
File name: a083e9a13fbb49bb81c0fe8b6a3b856d
File size: 212'992 bytes
First seen: 2020-11-17 11:25:01 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep: 3072:IsmoGmXKWgFPDvD8535bMmhB4aC25z+AGJvr/nnr65YEuDk9Ep4pLthEjQT6j:3Ec7MPLD8535PhBhC2t0nrsYE4rpkEj1
Threatray: 52 similar samples on MalwareBazaar
TLSH: 32248D1537D28072D662427058EBDAD90B7ABC92DFB19E4FA520F3CE1A75DE808E3750
Reporter: seifreed

Intelligence

File Origin
# of uploads: 1
# of downloads: 55
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Creating a file in the Windows subdirectories
Running batch commands
Creating a process with a hidden window
Creating a file in the Windows directory
Creating a process from a recently created file
Launching the default Windows debugger (dwwin.exe)
Searching for the window
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun by creating a file
Result
Verdict: 0
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-11-07 18:51:08 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5

Result
Malware family: n/a
Score: 9/10
Tags: persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Program crash
Drops file in Windows directory
Drops file in System32 directory
Adds Run key to start application
Drops startup file
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments