MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a49adfc7e4e25cd512b4083412d1ca8da6a796104d08f142cb9617198e376727. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	a49adfc7e4e25cd512b4083412d1ca8da6a796104d08f142cb9617198e376727
SHA3-384 hash:	e39aeec603fe8d74954cc43d72eed2d97492f440fd2cccb28519eb28c927ff48777863b61e5eeb4b6842e0e1918c6709
SHA1 hash:	34a5222bc32bb30a7d612a788453b584edc528f3
MD5 hash:	ba050d626c272de69140ddf796c9d1fc
humanhash:	oven-california-kilo-oxygen
File name:	a096e5fef72b8cdc0d088fc341436428
Download:	download sample
File size:	212'992 bytes
First seen:	2020-11-17 11:29:18 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep	3072:gaJUoAbFDs6HSqpQ68u7DcTuHwRs9CLkeaqM7OBv74pLthEjQT6j:7ajFIhqpr8ukTRs9skLqMSBv7kEj1
Threatray	48 similar samples on MalwareBazaar
TLSH	57245B027AA5D053E0B35B3118E2D7D93F27BD728BB8820B7658334DAE735C65D91BA0
Reporter	seifreed

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.Genericr-6804212-0

Win.Malware.Razy-9759519-0

Win.Malware.Zusy-9759529-0

Win.Trojan.Agent-1381405

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the Windows subdirectories

Creating a process from a recently created file

Launching the default Windows debugger (dwwin.exe)

Creating a window

Creating a file in the Windows directory

Running batch commands

Creating a process with a hidden window

Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch

Enabling autorun by creating a file

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a49adfc7e4e25cd512b4083412d1ca8da6a796104d08f142cb9617198e376727/

Threat name:

Win32.Trojan.Aenjaris

Status:

Malicious

First seen:

2020-11-17 11:30:21 UTC

AV detection:

26 of 28 (92.86%)

Threat level:

5/5

Verdict:

unknown

3078464e6eac5fa0a8b59bc9805c1a1777f07b6e055397be907bb0c293868908

324187c87edf4d100fd962f026828b0d838505120db40430fe471242f4b1522a

347cb099e70226ad94dd881735ef3939a47b8bbcd2316cc1aa4a6678a7702867

3b7845e9dae733158cb3b642b1e44df47a791db693c29627658d772a7b1b0b26

47dcda5499db88280fe655b4a7e07589327074a489bd4d3f8abc6e2ce683dbc9

6b123a7f279751561a329fc9fb56d41fcf7a53d15fc6d0e638099fe9e844d962

723e74207d4c2b27c194e0ec3e8cdf7c14f2a97aaf1dbd25b5a658cfa4b8d054

9e0d8b40ee55e5b66d3b79984a66bdaf38ba2c1cb33c8d88f5b504f8e31ed421

9f69e4209459877bfd78e5de12c2d736ac04142c1ec1ddb94a38bc91a8e97a02

+ 38 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

persistence

Link:

https://tria.ge/reports/201117-3bq5pmmfej/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Program crash

Drops file in Windows directory

Drops file in System32 directory

Adds Run key to start application

Drops startup file

Loads dropped DLL

Executes dropped EXE

ServiceHost packer

Suspicious use of NtCreateProcessExOtherParentProcess

Unpacked files

SH256 hash:

a49adfc7e4e25cd512b4083412d1ca8da6a796104d08f142cb9617198e376727

MD5 hash:

ba050d626c272de69140ddf796c9d1fc

SHA1 hash:

34a5222bc32bb30a7d612a788453b584edc528f3

Link:

https://www.unpac.me/results/098603d3-4df6-45f6-81f1-be6823bfa04b/

SH256 hash:

b4f52898671138ab2490d3b75912da69bca724158da08f5ea42e33d5aff75876

MD5 hash:

be22877a07d1adbea86f2c77312c5f05

SHA1 hash:

972ad58f4467026bc1b530ca6213c4705c8ab198

Link:

https://www.unpac.me/results/098603d3-4df6-45f6-81f1-be6823bfa04b/

SH256 hash:

69d941144c83d6438559350e03a2442e00aaa3149a7d9fdc24424565221149ec

MD5 hash:

d6b44e26414198d2783d7911acb08783

SHA1 hash:

aa5628c336879effa5eb9d7b32368a510fed87d4

Link:

https://www.unpac.me/results/098603d3-4df6-45f6-81f1-be6823bfa04b/

SH256 hash:

dc92092a8f1fb722648fa58d3e3f459c3ac14366a6a02a3755ad87f8615792d3

MD5 hash:

424deb81f438c3d0fe07913e00cba6d9

SHA1 hash:

25b3c674afeb74d8c112e12ba54ed4535e70233f

Link:

https://www.unpac.me/results/098603d3-4df6-45f6-81f1-be6823bfa04b/

SH256 hash:

15b76a3bb9eb55eb82a9467e71d48444c6a223596ce15d785c6f8b4d1f627fa3

MD5 hash:

5a1616d635068edc7ba29271c1bd257b

SHA1 hash:

a36aa4dc9d8f78b6d5c2b1deca4e02601bd5d046

Link:

https://www.unpac.me/results/098603d3-4df6-45f6-81f1-be6823bfa04b/

SH256 hash:

267b04d83574112fc643d09a7e4c20a98e6e01ae22a118b210cc2239c2fc3dc8

MD5 hash:

6c568581ba69cbb3ae0747162abe68fd

SHA1 hash:

e5261296a63ee62f3e9c7950b5852299e58a9590

Link:

https://www.unpac.me/results/098603d3-4df6-45f6-81f1-be6823bfa04b/

SH256 hash:

97b8335b4c260a17c7479483b6cc125564147fd23a18152727857680473d7ece

MD5 hash:

70c64ca3fe6bf5749fa9e02b908f33ad

SHA1 hash:

c9c9e466047bf1d87f4ff9e9b528abf91b8c39ef

Link:

https://www.unpac.me/results/098603d3-4df6-45f6-81f1-be6823bfa04b/

SH256 hash:

2d95538a91900ebc6aba073022288768dc59554223b9e8294ee38f4de7c66f09

MD5 hash:

3d771e4fdbd7ffcec6489fd6083550ab

SHA1 hash:

3cecdfa75867ca3eb9fc730ef05d1a6be74a9eba

Link:

https://www.unpac.me/results/098603d3-4df6-45f6-81f1-be6823bfa04b/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample