MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c8c311b17f9f35117abf0a17d28eebe2529c5a7182146cc6c028d73b4c77184b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	c8c311b17f9f35117abf0a17d28eebe2529c5a7182146cc6c028d73b4c77184b
SHA3-384 hash:	4795c68822547497b1b0c1899a8fa747ece93e691c43e2c2e4f893e60cb905baf5be2ceb374f1fea4a58515b1b73fdcf
SHA1 hash:	d2cffe0144412dc9ebfb6ddc7dae07a708931618
MD5 hash:	a76511fc674ffa0349f9727e3ae3b6b2
humanhash:	kansas-mississippi-tango-juliet
File name:	a76511fc674ffa0349f9727e3ae3b6b2
Download:	download sample
File size:	212'992 bytes
First seen:	2020-11-17 14:52:31 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep	3072:RhWzi7s/Jkug/mBHRasCyKY11XW20ALQE5NPp5+T2WM/+m4pLthEjQT6j:RhYSJ/mlMWKY11mZE5Bp5+aWEkEj1
Threatray	158 similar samples on MalwareBazaar
TLSH	4C248E02B1C0D89BD9B316700AF396949A7EFC31EB63811FB240772EEC36BA54A71755
Reporter	seifreed

Intelligence

File Origin

# of uploads :

1

# of downloads :

55

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.Zusy-9759518-0

Win.Malware.Razy-9759519-0

Win.Malware.Zusy-9759529-0

Win.Trojan.Agent-1381405

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Creating a file in the Windows directory

Running batch commands

Creating a process with a hidden window

Launching the default Windows debugger (dwwin.exe)

Creating a process from a recently created file

Creating a file in the Windows subdirectories

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c8c311b17f9f35117abf0a17d28eebe2529c5a7182146cc6c028d73b4c77184b/

Threat name:

Win32.Trojan.Aenjaris

Status:

Malicious

First seen:

2020-11-07 18:52:00 UTC

AV detection:

26 of 28 (92.86%)

Threat level:

5/5

Verdict:

unknown

Similar samples:

088fb74bd478543cca2e9746a1f86f84cefbc5876137c09bbe53e6f3e79fda9c

0cad84b3e79d393c7eee41f9d14a1f8ebbeffca24911c63814f3ce1bf1c0523b

58639b1e453b9b9e40e3cc5f338f04a22d95b707d2b09102954fb7a6794c0aab

600bce786b41a7f5dbf3ca746435c98ac2ddef5f4753322c09c43c550ca1cfcc

743826d85a6d09cc72c7502f8b887fc1bcdc77428f057aadee0dd1afd5b8f392

a3d25311c094426327b4080e6407775575e36e0011515132e5c8e6678f150024

ac422920d62f5ec2f60b667d561f5a50448982e42b7b03f5dee364c2bfb9d40f

b07f8a3235234b38405b57fe41af7c8f89c46b091cc0b3cb8670cb5337d7b4fa

bf299c5b6f4f84968ee0cb802d1bf8823ffd088c463e31f6caa8c02c0ac4269b

c2205d73ef491fdebfed566b39b5a7f0a0a782c2b0c37e4b08a01f6d93830d24

+ 148 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

n/a

Link:

https://tria.ge/reports/201117-38yvq3gyw6/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Program crash

Drops file in Windows directory

Drops file in System32 directory

Loads dropped DLL

Executes dropped EXE

ServiceHost packer

Suspicious use of NtCreateProcessExOtherParentProcess

Unpacked files

SH256 hash:

c8c311b17f9f35117abf0a17d28eebe2529c5a7182146cc6c028d73b4c77184b

MD5 hash:

a76511fc674ffa0349f9727e3ae3b6b2

SHA1 hash:

d2cffe0144412dc9ebfb6ddc7dae07a708931618

Link:

https://www.unpac.me/results/8b42461c-dbc1-4297-8b62-df5daed464f2/

SH256 hash:

289f1485d6f724d6b9032c7b6fee380a266ec92a98152936854fd73c886b291e

MD5 hash:

7a418ba34ac6c689c2ec6d9d06230e3c

SHA1 hash:

f2b6e789a374878b59379c30e2cf5e05060a5fda

Link:

https://www.unpac.me/results/8b42461c-dbc1-4297-8b62-df5daed464f2/

SH256 hash:

ef3d1c1fd17ad88566f56fb1fe708a81df8649c211d789e0166f1d2698baed51

MD5 hash:

b266c793adaffab120901895cdac4346

SHA1 hash:

4b6a1eef1ffb9a885dfb6831384bcbc6eb715f26

Link:

https://www.unpac.me/results/8b42461c-dbc1-4297-8b62-df5daed464f2/

SH256 hash:

32b83e7bb7d8779c587f24829d690abe9f84c02c85db4eaede055ed094658dbd

MD5 hash:

74cd0b552d9c7b4b048a362f72c9a8f9

SHA1 hash:

3e20caf70d6e4ef925a24c9c98c21ef8a423e5e1

Link:

https://www.unpac.me/results/8b42461c-dbc1-4297-8b62-df5daed464f2/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Tinba

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/c8c311b17f9f35117abf0a17d28eebe2529c5a7182146cc6c028d73b4c77184b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample