MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b219e2aa3f03312247a68054f84377924a796d9350116b7879738b6f882f809. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 5b219e2aa3f03312247a68054f84377924a796d9350116b7879738b6f882f809
SHA3-384 hash: 47dd0b5c8a53d859a27d964b3a31f6e9aebaf0bc7be45663e8f6261c501f8afd1a04eaa41256aad140e8474334961354
SHA1 hash: 6aa7385042d21913f7b4095b5b45d922580d31fa
MD5 hash: 4df91d8ba79c61322cbbbf9655921920
humanhash: romeo-queen-happy-beryllium
File name: a77524549141934738223a5d636835f8
File size: 212'992 bytes
First seen: 2020-11-17 15:45:10 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep: 3072:RhWzi7s/Jkug/mBHRasCyKY11vW20AL3E5NPp5+T2WM/+F4pLthEjQT6j:RhYSJ/mlMWKY11e+E5Bp5+aWLkEj1
Threatray: 187 similar samples on MalwareBazaar
TLSH: F5248E02B1C0D89BD9B316700AF396949A7EFC31EB63811FB240772EEC36BA54A71755
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the Windows subdirectories
Running batch commands
Creating a process with a hidden window
Creating a file in the Windows directory
Creating a process from a recently created file
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun by creating a file
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-11-17 15:54:37 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other

Comments