MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b123a7f279751561a329fc9fb56d41fcf7a53d15fc6d0e638099fe9e844d962. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	6b123a7f279751561a329fc9fb56d41fcf7a53d15fc6d0e638099fe9e844d962
SHA3-384 hash:	0c5073622a94298344a40cea7a83fa61c9074784e15ecdd7f4ccdcabf8734adcf9d8dc611446e936a4c87b93e311a909
SHA1 hash:	96b2c564437f1844095a7774faa2b4ee0942ff4e
MD5 hash:	a22ada4ad5cf27f22801b64d407939db
humanhash:	minnesota-blue-neptune-friend
File name:	a22ada4ad5cf27f22801b64d407939db
Download:	download sample
File size:	212'992 bytes
First seen:	2020-11-17 11:44:17 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep	3072:dXt7xk3GiqAEVJr1hwi4CzI3PQHVFdM4RUo04NN4pLthEjQT6j:f7C3GHVFwi1zI3PYLC4/fNNkEj1
Threatray	135 similar samples on MalwareBazaar
TLSH	6C248D827AA18E02D0A72B304CDB57683639FC32BF61539BF740779D2EB26C5681675C
Reporter	seifreed

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.Razy-9759519-0

Win.Malware.Zusy-9759529-0

Win.Trojan.Agent-1381405

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Creating a file in the Windows subdirectories

Running batch commands

Creating a process with a hidden window

Creating a process from a recently created file

Creating a file in the Windows directory

Launching the default Windows debugger (dwwin.exe)

Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch

Enabling autorun by creating a file

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6b123a7f279751561a329fc9fb56d41fcf7a53d15fc6d0e638099fe9e844d962/

Threat name:

Win32.Trojan.Aenjaris

Status:

Malicious

First seen:

2020-11-08 13:04:00 UTC

AV detection:

27 of 29 (93.10%)

Threat level:

5/5

Verdict:

unknown

3489890a5ab8bae3ddf84a826ba98c48fab102defcd3d727c6450a8bbb757fbc

431e04000c1801546db8cf059a636154715eb3ff7f6d715a15f91ac8f94979a0

6bd4a889a26f81775904f7f53a6761ff920d866d04746a4fd7e551d1a9318b4f

784c771b4eeaaf909fba8a13576fa117604ce9bc5e6131b9352888ba6aed77a7

900d305e4eb3d0b0f7fce699b867f0a2edab7d51e22e942a0a2b4ea81a982aad

9e0d8b40ee55e5b66d3b79984a66bdaf38ba2c1cb33c8d88f5b504f8e31ed421

a5f93821146779fef62c348b5707a187d4fb52aa924fa8b1ba5a86eee5167b50

cab7247a6c9f5dd74b47d3c5a29986a88c35a38250cbb9c2db8eaced207ebfb3

fa86d2cd7e9281b198093a0a310c18b326c3dfbeaeb61d7e8ebd7be8a9f8d342

+ 125 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

9/10

Tags:

persistence

Link:

https://tria.ge/reports/201117-q27rgz1taa/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Program crash

Drops file in Windows directory

Drops file in System32 directory

Adds Run key to start application

Drops startup file

Loads dropped DLL

Executes dropped EXE

ServiceHost packer

Unpacked files

SH256 hash:

1cd35d483543f9e6a3fd30cad8a9b0e6dc2f0388582ff144e75018fb45d9346b

MD5 hash:

098bac514de0808a59c8d990e5e3e895

SHA1 hash:

1ee8b10ff9f570798ab13935be5abd933c7c8330

Link:

https://www.unpac.me/results/0f576616-7512-4938-aba8-1670fd771a44/

SH256 hash:

5c85a6e5a47e84530c0bc27f2944a41e2ab1ff276062992e60feac3ddaeda517

MD5 hash:

5e2d3d4a0b68f92edde127006df0ef04

SHA1 hash:

a26526071d7b5cc60969f4e94ee09f7c3d01ccd3

Link:

https://www.unpac.me/results/0f576616-7512-4938-aba8-1670fd771a44/

SH256 hash:

9052d08f91fdad27e467b2eb366a666c5b55347f767a690c750921fc22ce5b1a

MD5 hash:

42ecc5750168b359bf1182f9942a21c5

SHA1 hash:

a18cba2aa45c011f47764cb324b4327457d2d4ff

Link:

https://www.unpac.me/results/0f576616-7512-4938-aba8-1670fd771a44/

SH256 hash:

6b123a7f279751561a329fc9fb56d41fcf7a53d15fc6d0e638099fe9e844d962

MD5 hash:

a22ada4ad5cf27f22801b64d407939db

SHA1 hash:

96b2c564437f1844095a7774faa2b4ee0942ff4e

Link:

https://www.unpac.me/results/0f576616-7512-4938-aba8-1670fd771a44/

SH256 hash:

433ed92367f9f56eb55bb8c50b2a5bc2a43455014de3f975522690d20dd7e206

MD5 hash:

1be6519134c4632a48300b1af0f42b57

SHA1 hash:

68c57c55e4c1050baf750e217bc3118e64171055

Link:

https://www.unpac.me/results/0f576616-7512-4938-aba8-1670fd771a44/

SH256 hash:

6d154b6edc87197150f1021ba2f9c21ea56570f53f82e38cbc41d1c20e853e1c

MD5 hash:

3f718777818ffdc267c1fa16e4e64695

SHA1 hash:

aa48d0525f8b123f79fafcedca403d068ab48475

Link:

https://www.unpac.me/results/0f576616-7512-4938-aba8-1670fd771a44/

SH256 hash:

8eb6874658d6add8ee39013c65e1776d789fb8763e18070e1c4b1b46a8353a3c

MD5 hash:

87ae380476a9945c108264fd5ca63996

SHA1 hash:

b2a0e85fba6d35288d5b3987d7e186bc28336abc

Link:

https://www.unpac.me/results/0f576616-7512-4938-aba8-1670fd771a44/

SH256 hash:

15152dca99a73cdcb38cb7307fb48087b9c8ebd197c3a6b2444bc3c7626496f4

MD5 hash:

d1b27df75507f32898ba6736a4472673

SHA1 hash:

7c1134509467afc41da1832be422daccfa0f43dc

Link:

https://www.unpac.me/results/0f576616-7512-4938-aba8-1670fd771a44/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample