MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 b6044b2b797251efc478605cb644dff4b82604b0aee001d76cfcae945520b127. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 3
| SHA256 hash: | b6044b2b797251efc478605cb644dff4b82604b0aee001d76cfcae945520b127 |
|---|---|
| SHA3-384 hash: | bb8cd53fc9e404304a1203ee65cd14fd4ac664e35916c613431573c41ff07d1b3e1babc6d4661b6fa5b24b1ba3dd6a8b |
| SHA1 hash: | a23c3740a2904c0fadecc7fb6b4c1b8c8fc683e7 |
| MD5 hash: | a924189f68693e3107a04f24085414d3 |
| humanhash: | island-happy-potato-floor |
| File name: | a924189f68693e3107a04f24085414d3 |
| File size: | 212'992 bytes |
| First seen: | 2020-11-17 14:08:03 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit) |
| ssdeep | 6144:Pf61YFjn3do2gbTodGhpy/uzHgj+z2IU/15kEj1:36uVJwTqsIyHTzOkC |
| Threatray | 170 similar samples on MalwareBazaar |
| TLSH | 63248E04B2A2A06BE1D3C23485E18F795D7FBCA17E36931F346C376E59766920D31BA0 |
Intelligence
File Origin
# of uploads: 1
# of downloads: 50
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a window
Creating a file in the Windows subdirectories
Running batch commands
Creating a process with a hidden window
Launching the default Windows debugger (dwwin.exe)
Creating a process from a recently created file
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-11-07 19:10:03 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Verdict: unknown
Similar samples: + 160 additional samples on MalwareBazaar
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Drops file in Windows directory
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method
Other