MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 784c771b4eeaaf909fba8a13576fa117604ce9bc5e6131b9352888ba6aed77a7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat: unknown
Vendor detections: 3



SHA256 hash: 784c771b4eeaaf909fba8a13576fa117604ce9bc5e6131b9352888ba6aed77a7
SHA3-384 hash: 44c662d294ba31e090b5f06df8f7abc6106f749ce453c1709f127dbcd54233aca5659d53e8e5763698171e29caf66fa8
SHA1 hash: db3d031c823e06196b82d98fc22c34ea5e245ec0
MD5 hash: a17595e9904acc27d06956f1698f6023
humanhash: seventeen-delta-solar-leopard
File name: a17595e9904acc27d06956f1698f6023
File size: 212'992 bytes
First seen: 2020-11-17 11:59:36 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep: 3072:a8i/v5JMANZbxrXU9xiwXakr4rknu8HJklH24pLthEjQT6j:5ixNNxrXazArz8HJi2kEj1
Threatray: 122 similar samples on MalwareBazaar
TLSH: 61248C167E058503D1E762349DC3A6A4492ABC306BF1A11B3B9DB78EA832F05FE5C735
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 55
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the Windows directory
Running batch commands
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a process from a recently created file
Launching the default Windows debugger (dwwin.exe)
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun by creating a file
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-11-07 08:53:00 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Windows directory
Drops file in System32 directory
Adds Run key to start application
Drops startup file
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments