MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 96ddebc097e2655621326374b0c6c4aa7dcf47ff97b5496b0bb136fdf8d2b130. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 96ddebc097e2655621326374b0c6c4aa7dcf47ff97b5496b0bb136fdf8d2b130
SHA3-384 hash: 1cccb6727df793ade45190593d99523f097a0cf17f2d8441288e3da9b7c1889c3e56d6c4a32860a01f3c8288723d88a2
SHA1 hash: 6b2b13d68c2c8bf828cfd0cd9910f4bcfc500027
MD5 hash: a2b8f3a6ef46d15af49ad4f4621fa337
humanhash: chicken-burger-artist-ten
File name:a2b8f3a6ef46d15af49ad4f4621fa337
Download: download sample
File size:212'992 bytes
First seen:2020-11-17 12:09:18 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep 3072:v0//fLt2xN0qmX0GFRLuK44AdfZl8Wx+4pLthEjQT6j:u7e0qmXFOK44o7lIkEj1
Threatray 90 similar samples on MalwareBazaar
TLSH F0248D10F6A7E567E4970839D9E286F807F9FC638736426F3E84331DACBA1594872721
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
52
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Razy-9759519-0
Create hunting rule

Win.Malware.Zusy-9759529-0
Create hunting rule

Win.Trojan.Agent-1381405
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the Windows directory
Running batch commands
Creating a process with a hidden window
Launching the default Windows debugger (dwwin.exe)
Creating a process from a recently created file
Creating a file in the Windows subdirectories
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/96ddebc097e2655621326374b0c6c4aa7dcf47ff97b5496b0bb136fdf8d2b130/
Threat name:
Win32.Trojan.Aenjaris
Create hunting rule
Status:
Malicious
First seen:
2020-11-07 09:06:00 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0d81c64a88e6a5be04fe2b01fd872b7990c4e65becb31f1c5ad578dadff81a07
1473388d4a4056bbc7ef3a0c2f9dbfedcef34d224efb75a285a70b21e0fa5c81
14da1a1ccadf50f6599e7889e37627b7ebe383b1b482029f94cea57336e864b7
243622c63f013c1ce6779a8539daffc7cf3e40d64b2a1df6ef2e22b85e9be92d
2c1e6769208a36e6f5751565dd448673275c2a703aedeef144e49b7789cc9d95
66c00d5e1532a99fab52a11cada3080b96deff11c819139bede08a3568d4a5cb
798e842411486fafd06c7bb156cfb9648c71a627f39b2f2ff94001092886987a
9dc9e84417abae2d03346b9855469e751126477b52412bf9eff8f7aa09bb35ab
b40b78fc2ad18f2fed2fac1b32447003d407ecfb46d15ef62bb483fbd5a482d8
e464444282c39c8c849b32e50864ac28b2edb9d3ccf880a65d68db1b0c3e31dc
+ 80 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/201117-hs51jrfqax/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Program crash
Drops file in Windows directory
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
96ddebc097e2655621326374b0c6c4aa7dcf47ff97b5496b0bb136fdf8d2b130
MD5 hash:
a2b8f3a6ef46d15af49ad4f4621fa337
SHA1 hash:
6b2b13d68c2c8bf828cfd0cd9910f4bcfc500027
Link:
https://www.unpac.me/results/018ea9b8-4cff-4aef-9086-1779deb92a57/
SH256 hash:
ffd7699faae0abcf634b6660f3d3b28f43a1d988e3ba90ae27e2543b7ca659d8
MD5 hash:
2c31df4e9da20cf14f0a3e72dbb74750
SHA1 hash:
9f3fde6c9a6392526c7fa6b5e94491f793d80619
Link:
https://www.unpac.me/results/018ea9b8-4cff-4aef-9086-1779deb92a57/
SH256 hash:
47319e3fcbb3a5fd281a601c301c65a823eb049808c86437558abc093234eca5
MD5 hash:
409fce6ff3550f0e3ad1dcd6a2a4997c
SHA1 hash:
6dca25f442d50934880a74d2628db184610c4182
Link:
https://www.unpac.me/results/018ea9b8-4cff-4aef-9086-1779deb92a57/
SH256 hash:
588b403b1e3670b610b4b53c79ee7ea88f46c68a17b8e6efa31c2bcd552bf8f7
MD5 hash:
92d3248812025833e62cd1eeff81c1fc
SHA1 hash:
f5381dc48c1e199272711f9ab769fa16672afc52
Link:
https://www.unpac.me/results/018ea9b8-4cff-4aef-9086-1779deb92a57/
SH256 hash:
da38f371b5a86db5fb0335bc331c91e7bbce8a42baa56d72ce8b6347f3995a51
MD5 hash:
95098c385b462db5e12613f0c785982f
SHA1 hash:
c78f36c31067b14c25a72e060ea9a3ef58184e36
Link:
https://www.unpac.me/results/018ea9b8-4cff-4aef-9086-1779deb92a57/
SH256 hash:
59e03522f56f7950211abd8bb41e44412dd7e63540c784f7e32bb74205db3396
MD5 hash:
685a6b08f2619dcb15a3059e03805462
SHA1 hash:
8d2b5850759ff75377f6ddd4a85c68c36f6300bd
Link:
https://www.unpac.me/results/018ea9b8-4cff-4aef-9086-1779deb92a57/
SH256 hash:
2befd14669d359c36b8a08937bab3a83b9c30b348967447ac9ab018db4c8d60d
MD5 hash:
b072e6e66a77db30d8a68bbcb52466ac
SHA1 hash:
cb5b7675e219fce60845777f9bf29e360feba541
Link:
https://www.unpac.me/results/018ea9b8-4cff-4aef-9086-1779deb92a57/
SH256 hash:
75a1aa618859f9672b88084f997f32d518de3fcd966d18ee3abd293fe1d2cd9a
MD5 hash:
5462e765199259cdc3e7ebcfec29e22e
SHA1 hash:
9a147c77c1c86c46b607f2e4aaace5afcaa36fcd
Link:
https://www.unpac.me/results/018ea9b8-4cff-4aef-9086-1779deb92a57/
SH256 hash:
7add656ed1a6f41d909e15a8a5b5d397e8f5c64411409aa214ddeb9c821c35a4
MD5 hash:
778b0477e754b87d4673ea133da6e40f
SHA1 hash:
0f62c9c485664c18c17cc6d16c45542246562a22
Link:
https://www.unpac.me/results/018ea9b8-4cff-4aef-9086-1779deb92a57/
SH256 hash:
a499ab0f4ef4011f7ff375124c5cae9bf61c930067b5837236f4d91088e3293e
MD5 hash:
99e422203b7bf15536432da0dc66d228
SHA1 hash:
d86fd2ef5f5c1914963a53c143573b3b6cba70ca
Link:
https://www.unpac.me/results/018ea9b8-4cff-4aef-9086-1779deb92a57/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments