MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 bf299c5b6f4f84968ee0cb802d1bf8823ffd088c463e31f6caa8c02c0ac4269b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 3
| SHA256 hash: | bf299c5b6f4f84968ee0cb802d1bf8823ffd088c463e31f6caa8c02c0ac4269b |
|---|---|
| SHA3-384 hash: | adeebc1c67095652f62d860887dd0488ac1b2c1bbe7e69d221e372a534160a9a2a77beddfc81c7ce9b5d1ce216983d7a |
| SHA1 hash: | cfcc97b69155117beeef876fa87423f56db1d4c9 |
| MD5 hash: | 88b6a1358c6d72513e6f933a0ad7cc7e |
| humanhash: | india-jersey-wolfram-yellow |
| File name: | 88b6a1358c6d72513e6f933a0ad7cc7e |
| Download: | download sample |
| File size: | 212'992 bytes |
| First seen: | 2020-11-17 12:13:20 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash: | 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit) |
| ssdeep: | 3072:RhWzi7s/Jkug/mBHRasCyKY11vW20ALoE5NPp5+T2WM/+L4pLthEjQT6j:RhYSJ/mlMWKY11exE5Bp5+aW1kEj1 |
| Threatray: | 84 similar samples on MalwareBazaar |
| TLSH: | 3A248E02B1C0D89BD9B316700AF396949A7EFC31EB63811FB240772EEC36BA54A71755 |
| Reporter: | |
Intelligence
File Origin
| # of uploads: | 1 |
|---|---|
| # of downloads: | 55 |
| Origin country: | n/a |
Vendor Threat Intelligence
Result
| Verdict: | Malware |
|---|---|
| Maliciousness: | |
Behaviour
Creating a window
Sending a UDP request
Creating a file in the Windows subdirectories
Running batch commands
Creating a process with a hidden window
Launching the default Windows debugger (dwwin.exe)
Creating a process from a recently created file
| Threat name: | Win32.Trojan.Aenjaris |
|---|---|
| Status: | Malicious |
| First seen: | 2020-10-15 19:12:40 UTC |
| AV detection: | 28 of 29 (96.55%) |
| Threat level: | 5/5 |
| Verdict: | unknown |
| Similar samples: | + 74 additional samples on MalwareBazaar |
Result
| Malware family: | n/a |
|---|---|
| Score: | 10/10 |
| Tags: | n/a |
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Windows directory
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
| SHA256 hash | MD5 hash | SHA1 hash |
|---|---|---|
| bf299c5b6f4f84968ee0cb802d1bf8823ffd088c463e31f6caa8c02c0ac4269b | 88b6a1358c6d72513e6f933a0ad7cc7e | cfcc97b69155117beeef876fa87423f56db1d4c9 |
| f523ca90428e03a99ce0fc4a0f56c63fd5107d69918ba697a0c277bbab81b016 | b0dcf0e136f4224782a6512d15386bd8 | 8186b9e05ebd02946b07ecf5c08879fe32bb287e |
| 803c652856bb5d6da257e644d71cbe536bdff5b7c224336d32afaa47e8b76a3c | 10c7a88684a74e5b55a9103476235386 | 86c7fae1bcdab34940e309d989fad913590967ad |
| 370c7561479909cc9e17860ea4c686272fb2cd898f571a11804826564875ee1c | 08dbb6d67ca7e5673f7c5edc64752f20 | 06a42a893feb8d808f8339c3a5feae65f3c5b4dd |
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
| Delivery method: | Other |
|---|---|