MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 743826d85a6d09cc72c7502f8b887fc1bcdc77428f057aadee0dd1afd5b8f392. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 743826d85a6d09cc72c7502f8b887fc1bcdc77428f057aadee0dd1afd5b8f392
SHA3-384 hash: 44a53849840894be511167fde554ab83df055d0c390b40d77cc001eb34db567bf424af5f95eabc98ad24b2daac4580c1
SHA1 hash: a0e8d8ebd9274f0713eebec9ff6315d6660caf07
MD5 hash: 18b0d81cdf4ee7ee350a272642c568c8
humanhash: equal-lemon-arizona-monkey
File name: a2f62c674fb797776452f9cfdf124dc7
File size: 212'992 bytes
First seen: 2020-11-17 14:04:32 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep: 3072:RhWzi7s/Jkug/mBHRasCyKY11vG20ALQE5NPp5mT2WM/+V4pLthEjQT6j:RhYSJ/mlMWKY11uZE5Bp5maWHkEj1
Threatray: 99 similar samples on MalwareBazaar
TLSH: 7E248E02B1C0D89BD9B316700AF396949A7EFC31EB63811FB240772EEC36BA54A71755
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 54
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the Windows directory
Creating a file in the Windows subdirectories
Running batch commands
Creating a process with a hidden window
Creating a process from a recently created file
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun by creating a file
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-11-17 14:05:19 UTC
AV detection: 26 of 28 (92.86%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Windows directory
Drops file in System32 directory
Adds Run key to start application
Drops startup file
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
