MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9dd41de95c73c14fe51a5ec3955d93809f7e30dc558bb5d1e47fa2e7ff4be8f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 9dd41de95c73c14fe51a5ec3955d93809f7e30dc558bb5d1e47fa2e7ff4be8f9
SHA3-384 hash: 4211b0ee4da596dff0f133509d2d87d3e1eefb37d9233c267f043796a3af88010d623311eb72fecdbf53b794295b829a
SHA1 hash: f8dec410b234e8c02b5f83e873b05b8d9ecba0b1
MD5 hash: a29c73c2097865c8a35e317e32310b9c
humanhash: burger-river-quiet-lithium
File name: a29c73c2097865c8a35e317e32310b9c
File size: 212'992 bytes
First seen: 2020-11-17 11:33:35 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep: 3072:304LxPuw1gml7Rrfm2AH3+O/+7nUESOvXWjHCPPobsw4pLthEjQT6j:304LxmagzFxW7UESLj4SkEj1
Threatray: 42 similar samples on MalwareBazaar
TLSH: F0247E123980C142EF6BDA7454F7CAA80F68FE629FB2529767C0335E1F72B4C5916392
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 56
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the Windows subdirectories
Running batch commands
Creating a process with a hidden window
Creating a file in the Windows directory
Creating a process from a recently created file
Launching the default Windows debugger (dwwin.exe)
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun by creating a file
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-11-07 19:12:53 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Windows directory
Drops file in System32 directory
Adds Run key to start application
Drops startup file
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
