MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ac422920d62f5ec2f60b667d561f5a50448982e42b7b03f5dee364c2bfb9d40f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: ac422920d62f5ec2f60b667d561f5a50448982e42b7b03f5dee364c2bfb9d40f
SHA3-384 hash: e7843272763330cb09876b4144f21c2de4edf2a22a8b10b7abcc291e970c5b95aab7563e60905c81036c21468c0e7308
SHA1 hash: e7d61c04e6ab9d9abac9d7091df422fdd2cea119
MD5 hash: 1503bcfa8de1cd8fb40266f6f37a3c48
humanhash: mango-orange-august-fish
File name: a07b3fea07c70aabd02dbc241a13ab1d
File size: 212'992 bytes
First seen: 2020-11-17 11:43:43 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep: 3072:RhWzi7s/Jkug/mBHRasCdKY11vG20ALoE5NPp5+T2WM/+Y4pLthEjQT6j:RhYSJ/mlMBKY11uxE5Bp5+aWekEj1
Threatray: 135 similar samples on MalwareBazaar
TLSH: BD248E02B1C0D89BD9B316700AF396949A7EFC31EB63811FB240772EEC36BA54A71755
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 57
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the Windows subdirectories
Running batch commands
Creating a process with a hidden window
Creating a process from a recently created file
Creating a file in the Windows directory
Launching the default Windows debugger (dwwin.exe)
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun by creating a file
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-11-17 11:45:40 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Windows directory
Drops file in System32 directory
Adds Run key to start application
Drops startup file
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
