MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 46658a542b8a7dce30caacb538805ba6d88c6329afd072a986389929ede2a408. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	46658a542b8a7dce30caacb538805ba6d88c6329afd072a986389929ede2a408
SHA3-384 hash:	1bbff2c0763db62cf04c34e6db5263174ce9b6f8e2a7b54451db00946a6ee02ad7189f6c073d5ddc6d4dc18b4ca0bfe7
SHA1 hash:	a81d11cc47843fd4991aa4ad2051cbf5172d63ff
MD5 hash:	a2967d1e0a160f5f7c0b755e1bef00fc
humanhash:	violet-oranges-robert-pasta
File name:	a2967d1e0a160f5f7c0b755e1bef00fc
Download:	download sample
File size:	212'992 bytes
First seen:	2020-11-17 11:22:34 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep	3072:H9vKSvyVZbdSO5ZU2SArmK/iBG2+gzeVzeOZxNXq3eoMGF4pLthEjQT6j:dvKCyVZbEO5ZxSASK/OGDg0zzNCbkEj1
Threatray	20 similar samples on MalwareBazaar
TLSH	53248D96F390C996ED2347349CE68FE021667C6A4FFB821779097B1EAC323D044B9760
Reporter	seifreed

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.Razy-9759519-0

Win.Malware.Zusy-9759529-0

Win.Trojan.Agent-1381405

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Creating a file in the Windows subdirectories

Running batch commands

Creating a process with a hidden window

Creating a process from a recently created file

Creating a file in the Windows directory

Launching the default Windows debugger (dwwin.exe)

Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch

Enabling autorun by creating a file

Result

Verdict:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/46658a542b8a7dce30caacb538805ba6d88c6329afd072a986389929ede2a408/

Threat name:

Win32.Trojan.Aenjaris

Status:

Malicious

First seen:

2020-11-08 07:30:00 UTC

AV detection:

26 of 28 (92.86%)

Threat level:

5/5

Verdict:

unknown

1678ed79e7ad6d5c009128fa4c0f8f083d8ba24ab0a23a2c079080ceb4ba790a

2e93116e3d1711bdb935538502d6dd229e13e16bc8ef555a71289a150aed17e1

324187c87edf4d100fd962f026828b0d838505120db40430fe471242f4b1522a

347cb099e70226ad94dd881735ef3939a47b8bbcd2316cc1aa4a6678a7702867

7032d75528fb43e62f05145e67531fd265917263438c70d206e4d6618ed46595

73d58375aa520c069350d52076feb7f6932664d54b879658f73c584b618b473b

9f69e4209459877bfd78e5de12c2d736ac04142c1ec1ddb94a38bc91a8e97a02

c2205d73ef491fdebfed566b39b5a7f0a0a782c2b0c37e4b08a01f6d93830d24

ed3a2eadc4f34ceda21234a71c74e18e95e673976f9277f3268c5c80930908bc

+ 10 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

persistence

Link:

https://tria.ge/reports/201117-2sxfztrbk6/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Program crash

Drops file in Windows directory

Drops file in System32 directory

Adds Run key to start application

Drops startup file

Loads dropped DLL

Executes dropped EXE

ServiceHost packer

Suspicious use of NtCreateProcessExOtherParentProcess

Unpacked files

SH256 hash:

b704ee07820e5ce1c993572c1397eed16a3a7350ce2fec426635b3bb72c3703c

MD5 hash:

b60d7f00873fee340de33846fd61952c

SHA1 hash:

edb439f2afd508d009516681849e1d71536a9209

Link:

https://www.unpac.me/results/18e28d2f-aecf-43b9-a9fb-f0d84cf2f49c/

SH256 hash:

4b47c9012da4bc8394ae4015126e47d89adeddae5c518398da3db5d5afa69efb

MD5 hash:

5124450d7c70ec6af9b5a9a5099c5389

SHA1 hash:

25fb6e885dc89a5b8445151ba041649d9d9a530b

Link:

https://www.unpac.me/results/18e28d2f-aecf-43b9-a9fb-f0d84cf2f49c/

SH256 hash:

746625df8b1fb587997947b63c00af812ba1a4bcd51f8e4e83bd1e7e30d39b48

MD5 hash:

ba8a7fce2570250e924d392b9e667204

SHA1 hash:

90882530a14250e12e36034da7b1435d80efe8e1

Link:

https://www.unpac.me/results/18e28d2f-aecf-43b9-a9fb-f0d84cf2f49c/

SH256 hash:

995e53917430e1edbc486169e0a17e471f1e54e6ac686e6fb8f4528a5e29fa96

MD5 hash:

4c217c22836518519904eea634a3c399

SHA1 hash:

e7159663a98c506b150409df4ed209b33b5c6a4b

Link:

https://www.unpac.me/results/18e28d2f-aecf-43b9-a9fb-f0d84cf2f49c/

SH256 hash:

81c9cfb6ac7775007266ceaa7612fdb186cd5eb43a7179238b6313c7b894362a

MD5 hash:

a587abe14c6980a65986b04f7e4d0a8e

SHA1 hash:

4e59ed4e51af699361c68050c9a1459471500258

Link:

https://www.unpac.me/results/18e28d2f-aecf-43b9-a9fb-f0d84cf2f49c/

SH256 hash:

b6c605e09b6f3904d665dac95edffb0306a86d6c81ad7450f92caacb950ec5a2

MD5 hash:

31702162c13f6a8ca8bb8d708e233b58

SHA1 hash:

59ee4440e1800cd9dec4c914c4c66ba2a3669c7a

Link:

https://www.unpac.me/results/18e28d2f-aecf-43b9-a9fb-f0d84cf2f49c/

SH256 hash:

46658a542b8a7dce30caacb538805ba6d88c6329afd072a986389929ede2a408

MD5 hash:

a2967d1e0a160f5f7c0b755e1bef00fc

SHA1 hash:

a81d11cc47843fd4991aa4ad2051cbf5172d63ff

Link:

https://www.unpac.me/results/18e28d2f-aecf-43b9-a9fb-f0d84cf2f49c/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample