MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 58639b1e453b9b9e40e3cc5f338f04a22d95b707d2b09102954fb7a6794c0aab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 58639b1e453b9b9e40e3cc5f338f04a22d95b707d2b09102954fb7a6794c0aab
SHA3-384 hash: 38a3cec60de05a9f542e154786db912a30565f753966a1483a5abc9cfbd9a5e91fcc1cd36b2c12685627e47e12127f2f
SHA1 hash: 56915951eba06c29cb91e187b4fa7768dd78a132
MD5 hash: 9e87e3022081202e9c02017dbf9a47cc
humanhash: sierra-colorado-wolfram-hotel
File name:a5dd2ab85bd012254975b6e0c292ab96
Download: download sample
File size:212'992 bytes
First seen:2020-11-17 15:09:30 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep 3072:RhWzi7s/Jkug/mBHRasCyKY11PW20ALoE5NPp5+T2WM/+J4pLthEjQT6j:RhYSJ/mlMWKY11+xE5Bp5+aWfkEj1
Threatray 150 similar samples on MalwareBazaar
TLSH B2248E02B1C0D89BD9B316700AF396949A7EFC31EB63811FB240772EEC36BA54A71755
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Zusy-9759518-0
Create hunting rule

Win.Malware.Razy-9759519-0
Create hunting rule

Win.Malware.Zusy-9759529-0
Create hunting rule

Win.Trojan.Agent-1381405
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the Windows directory
Creating a window
Creating a file in the Windows subdirectories
Running batch commands
Creating a process with a hidden window
Launching the default Windows debugger (dwwin.exe)
Creating a process from a recently created file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/58639b1e453b9b9e40e3cc5f338f04a22d95b707d2b09102954fb7a6794c0aab/
Threat name:
Win32.Trojan.Aenjaris
Create hunting rule
Status:
Malicious
First seen:
2020-11-17 15:20:30 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
088fb74bd478543cca2e9746a1f86f84cefbc5876137c09bbe53e6f3e79fda9c
600bce786b41a7f5dbf3ca746435c98ac2ddef5f4753322c09c43c550ca1cfcc
743826d85a6d09cc72c7502f8b887fc1bcdc77428f057aadee0dd1afd5b8f392
a3d25311c094426327b4080e6407775575e36e0011515132e5c8e6678f150024
ac422920d62f5ec2f60b667d561f5a50448982e42b7b03f5dee364c2bfb9d40f
b07f8a3235234b38405b57fe41af7c8f89c46b091cc0b3cb8670cb5337d7b4fa
bf299c5b6f4f84968ee0cb802d1bf8823ffd088c463e31f6caa8c02c0ac4269b
c2205d73ef491fdebfed566b39b5a7f0a0a782c2b0c37e4b08a01f6d93830d24
c8c311b17f9f35117abf0a17d28eebe2529c5a7182146cc6c028d73b4c77184b
f0e9d1f4d3c8bceb62949372616ab9cba3345e691b440e3c94e11e2f8808a823
+ 140 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/201117-3wlakfw3q2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Windows directory
Drops file in System32 directory
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
58639b1e453b9b9e40e3cc5f338f04a22d95b707d2b09102954fb7a6794c0aab
MD5 hash:
9e87e3022081202e9c02017dbf9a47cc
SHA1 hash:
56915951eba06c29cb91e187b4fa7768dd78a132
Link:
https://www.unpac.me/results/f9a0712c-0a19-4eb4-bd14-51732d790b0f/
SH256 hash:
8e7001f8c080669cbf993c3b84de118c464126a9ba171674253b128f9298d345
MD5 hash:
f6334a34eae6c098f4b22d0473e7eaa2
SHA1 hash:
b6268fbb53690f60735fa8692aa14d71ac5b37bd
Link:
https://www.unpac.me/results/f9a0712c-0a19-4eb4-bd14-51732d790b0f/
SH256 hash:
0b3925d197bfb7b7ab890655b931bf0c8ba1b4c1c3f735ae4e7aad47b011c6d7
MD5 hash:
fbd2069e2641dcf0cc3e747f9638637d
SHA1 hash:
b4136d9d86548245ae7735de82e740d36d9d1497
Link:
https://www.unpac.me/results/f9a0712c-0a19-4eb4-bd14-51732d790b0f/
SH256 hash:
66f7fe2be8446ba25abb1521ea56daefb0d28a58672c1c12e299f3ef5ab121bf
MD5 hash:
0b2e472002cd4776e096df898db17414
SHA1 hash:
ec8d029505f40c5999725d2e6a40c3b86d7ccdf8
Link:
https://www.unpac.me/results/f9a0712c-0a19-4eb4-bd14-51732d790b0f/
SH256 hash:
a2b36c306bdcdd3dde2e247ee92b741dae4545b89b6d555cc7a0379ed9770a01
MD5 hash:
c86e3a977d1b206cd333f26daba05a6e
SHA1 hash:
0a74094887e9159f777208017e720c240f47782c
Link:
https://www.unpac.me/results/f9a0712c-0a19-4eb4-bd14-51732d790b0f/
SH256 hash:
bed65bbfff3868037c21be4d6e39e94cdb9a084bbbe745f0a924f34a7751d495
MD5 hash:
a35e5323a29a7cec374116c528e749dc
SHA1 hash:
99e5b1870494fcd502051d0a75b3df6872e95631
Link:
https://www.unpac.me/results/f9a0712c-0a19-4eb4-bd14-51732d790b0f/
SH256 hash:
df1c4079a9421cf32118405ca50e3b7fb03daca5134a0d88c9baf2c39e7de466
MD5 hash:
df553006e7ddaf1adc151769dcddea66
SHA1 hash:
be85961632552090e642c7c8bcc168fbb6b62b9a
Link:
https://www.unpac.me/results/f9a0712c-0a19-4eb4-bd14-51732d790b0f/
SH256 hash:
fa078f5f079d051086c03e2af6cc03d8fb03f1c4ce8c142c703e806b4193c8c4
MD5 hash:
8c871cc1e33dcead15ee2bb42072448e
SHA1 hash:
ece2e7ddef736f0f3dc5f6436848b494a98a43cb
Link:
https://www.unpac.me/results/f9a0712c-0a19-4eb4-bd14-51732d790b0f/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments