MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4e24bef504680e9e50789cc91152b566d5203a396044ba599baa57d8725d3db4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	4e24bef504680e9e50789cc91152b566d5203a396044ba599baa57d8725d3db4
SHA3-384 hash:	29baa4c34e5c228a211e6f55b2fa0d1ca0dcda23540bda58b62d5ebd86b35f337d6bf94bca92758d5b696ac2ab6857de
SHA1 hash:	eae4e60434ec249bf410580d7b677df95b8f368f
MD5 hash:	b453ebe5e50e58c0c7609d55fbaf000f
humanhash:	texas-victor-delaware-blue
File name:	4e24bef504680e9e50789cc91152b566d5203a396044ba599baa57d8725d3db4
Download:	download sample
File size:	212'992 bytes
First seen:	2020-11-07 20:02:11 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep	3072:LSRZAjrnrqPZPHbrIhixhSWRGPwuVG4q1bD1Jg+QU37k4pLthEjQT6j:LSMjrrqdr9CPpA19J0EIkEj1
Threatray	16 similar samples on MalwareBazaar
TLSH	61246D5F3E5E8005F0BB623488D3DAA81AA9FCA35FA6931FF640738D28376985D50774
Reporter	seifreed

Intelligence

File Origin

# of uploads :

1

# of downloads :

58

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.Razy-9759519-0

Win.Malware.Zusy-9759529-0

Win.Trojan.Agent-1381405

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Creating a window

Creating a file in the Windows subdirectories

Running batch commands

Creating a process with a hidden window

Launching the default Windows debugger (dwwin.exe)

Creating a process from a recently created file

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4e24bef504680e9e50789cc91152b566d5203a396044ba599baa57d8725d3db4/

Threat name:

Win32.Trojan.Aenjaris

Status:

Malicious

First seen:

2020-11-07 22:52:25 UTC

AV detection:

41 of 48 (85.42%)

Threat level:

5/5

Verdict:

unknown

Similar samples:

1a93cf78a6d4918994f0be8b3274699d8e1d5e63fe545421c64c2471bfe72b04

7032d75528fb43e62f05145e67531fd265917263438c70d206e4d6618ed46595

73d58375aa520c069350d52076feb7f6932664d54b879658f73c584b618b473b

7e5e490596ac07c6ab480f9417e9d602d507dc95043f3deb8dec54d505a806ef

aca74c0ff8bb942780f7c8a68545e056ee5b3c28ef3fb7c3bc91c2dfc2b0de36

b8a835417aa6b34057119f4f27b6dd467923f0cf5ecb56e01f7299c154516dd4

c2205d73ef491fdebfed566b39b5a7f0a0a782c2b0c37e4b08a01f6d93830d24

ecc37a9eaf5d4f701b0426f318c7a58e876f0f807b48a21e79044fb4e545f3c8

ed3a2eadc4f34ceda21234a71c74e18e95e673976f9277f3268c5c80930908bc

fe4be777ff77142b3756e3868c106d81b0e965ad80851fa9aa18ada580dace18

+ 6 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

n/a

Link:

https://tria.ge/reports/201108-av28yrzcvn/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Program crash

Drops file in System32 directory

Loads dropped DLL

Executes dropped EXE

ServiceHost packer

Suspicious use of NtCreateProcessExOtherParentProcess

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample