MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9f69e4209459877bfd78e5de12c2d736ac04142c1ec1ddb94a38bc91a8e97a02. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9f69e4209459877bfd78e5de12c2d736ac04142c1ec1ddb94a38bc91a8e97a02
SHA3-384 hash: 9e421fb315736f59ba80074fb8cf073c858819887518b2dac14e3709529efbcb2a792c39770ee3679087c9a95278f05f
SHA1 hash: a266b62ccf23c8ef24b29a89761edea77b49929e
MD5 hash: a0b98b91e40c2b454c927a65f338034d
humanhash: alaska-mobile-comet-iowa
File name:a0b98b91e40c2b454c927a65f338034d
Download: download sample
File size:212'992 bytes
First seen:2020-11-17 11:24:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep 3072:w68H/nS/AjlKSi3xXWh+qJVb3v2zcO0JylVVGM5zZSBJLWOY4pLthEjQT6j:w6CIA8k+wMllVlzZSBokEj1
Threatray 53 similar samples on MalwareBazaar
TLSH BE247CC27384D1EEE8A7DA3048D5C77817B5BD618FA5530BB440334E2AB62A4FDA0769
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
55
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Razy-9759519-0
Create hunting rule

Win.Malware.Zusy-9759529-0
Create hunting rule

Win.Trojan.Agent-1381405
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the Windows subdirectories
Sending a UDP request
Running batch commands
Creating a process with a hidden window
Launching the default Windows debugger (dwwin.exe)
Creating a process from a recently created file
Creating a file in the Windows directory
Result
Verdict:
0
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9f69e4209459877bfd78e5de12c2d736ac04142c1ec1ddb94a38bc91a8e97a02/
Threat name:
Win32.Trojan.Aenjaris
Create hunting rule
Status:
Malicious
First seen:
2020-11-07 18:46:37 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0442d6172e1b01552d3120027e608f0c813389a9c7276399f53e0b051288f4d0
2c1e6769208a36e6f5751565dd448673275c2a703aedeef144e49b7789cc9d95
2e93116e3d1711bdb935538502d6dd229e13e16bc8ef555a71289a150aed17e1
324187c87edf4d100fd962f026828b0d838505120db40430fe471242f4b1522a
347cb099e70226ad94dd881735ef3939a47b8bbcd2316cc1aa4a6678a7702867
7117b5b3b53a1d47f37d4ce9541ddfb9e0aa2bd8d08deea2b04b574515eb2c54
7ed78adee01158324695498d9bee7ef64dd3324ecbbe796d071785645f757726
d523eeb7f2579a26d5287ed5fe62508227d77f8b5bbde54e6240cba667c64d6d
f8bb14872c59ab2fb7e0e15c511e72e140d59d5feaa3a3cca48997b29cd342c0
fae8881e80b6243384360184e9f60a35155697c280af2440aa8ab7b904a43f4f
+ 43 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/201117-kxkjezlvx2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Windows directory
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
9f69e4209459877bfd78e5de12c2d736ac04142c1ec1ddb94a38bc91a8e97a02
MD5 hash:
a0b98b91e40c2b454c927a65f338034d
SHA1 hash:
a266b62ccf23c8ef24b29a89761edea77b49929e
Link:
https://www.unpac.me/results/33353955-c0c4-4389-8b14-cd57bc469822/
SH256 hash:
dd6c8e209c90bf097d89062a25c439b356545c9c460a740b7b60a2d5ee1e36c9
MD5 hash:
064d012820d37e76f95004e2f1731a96
SHA1 hash:
99dd7ef118b03674c4b40b6f0609b3ba35520238
Link:
https://www.unpac.me/results/33353955-c0c4-4389-8b14-cd57bc469822/
SH256 hash:
077497a73291bd7742d8e745854378b030457f602456344846da55fb2f9e84ee
MD5 hash:
f1bb30a6b40f98ebf26eb06c1fd64cdf
SHA1 hash:
d1e84e71c80923654f922848e3c6fc4ff225efba
Link:
https://www.unpac.me/results/33353955-c0c4-4389-8b14-cd57bc469822/
SH256 hash:
6c9030f067e5b41fe1f1e6c76faa46ef6d860949cae1dd1e344b2d5f66f37776
MD5 hash:
1b5be39877967caac331708e038c8fd6
SHA1 hash:
95a6b537900d92f1767c90c3e86ec2de0957716e
Link:
https://www.unpac.me/results/33353955-c0c4-4389-8b14-cd57bc469822/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments