MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e464444282c39c8c849b32e50864ac28b2edb9d3ccf880a65d68db1b0c3e31dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e464444282c39c8c849b32e50864ac28b2edb9d3ccf880a65d68db1b0c3e31dc
SHA3-384 hash: df45ee2823c3d11d07f470db327cfab3809fd35cca4038205ac2ff8eadaae34df73c698fee07d3c735055f81a96f9e8f
SHA1 hash: 44cd88612b7b9b93ff8ffa82c69630412d507059
MD5 hash: a2078ba859cf750820dff2cdf4431e9c
humanhash: sweet-cardinal-coffee-colorado
File name:a2078ba859cf750820dff2cdf4431e9c
Download: download sample
File size:212'992 bytes
First seen:2020-11-17 11:56:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep 6144:+3t8l1g0+GnfwtP7AihnmdkqDILTuFkEj1:+dCV+Gpc4/waFkC
Threatray 128 similar samples on MalwareBazaar
TLSH 17248D917382FDD2E06B473088E4E79429B4FD62DFB6421B3294775C127CA611A2CF9E
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
49
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Razy-9759519-0
Create hunting rule

Win.Malware.Zusy-9759529-0
Create hunting rule

Win.Trojan.Agent-1381405
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the Windows subdirectories
Running batch commands
Creating a process with a hidden window
Launching the default Windows debugger (dwwin.exe)
Creating a process from a recently created file
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e464444282c39c8c849b32e50864ac28b2edb9d3ccf880a65d68db1b0c3e31dc/
Threat name:
Win32.Trojan.Aenjaris
Create hunting rule
Status:
Malicious
First seen:
2020-11-07 18:57:38 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0f3750ad15660c490b362e4ef40d1eadd1fe8381e6bcb07db32f5a6cc77aebc6
14da1a1ccadf50f6599e7889e37627b7ebe383b1b482029f94cea57336e864b7
243622c63f013c1ce6779a8539daffc7cf3e40d64b2a1df6ef2e22b85e9be92d
2c1e6769208a36e6f5751565dd448673275c2a703aedeef144e49b7789cc9d95
6a972b99e24b3e9c6f7db8900b2b682cf0a77c5e8be24ded64fa6ea0ee42e846
798e842411486fafd06c7bb156cfb9648c71a627f39b2f2ff94001092886987a
93d762c85f87b523fd658c611392fc462e4b460ac962dcec5abd26ed011d9761
9dc9e84417abae2d03346b9855469e751126477b52412bf9eff8f7aa09bb35ab
b5635611802d347c475c6f52ed4055c3703139aa102248c933842d7dcfbc9f4a
e38de8ec5fb30a4a55917e568982b2a630535c0f5a6bb54cbbb247f5b0425e49
+ 118 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/201117-sve1s2c7qa/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Windows directory
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
e464444282c39c8c849b32e50864ac28b2edb9d3ccf880a65d68db1b0c3e31dc
MD5 hash:
a2078ba859cf750820dff2cdf4431e9c
SHA1 hash:
44cd88612b7b9b93ff8ffa82c69630412d507059
Link:
https://www.unpac.me/results/df43e763-169b-427e-a888-cc979b55f458/
SH256 hash:
09a8cc22f8882186470b20c55d7388c181be539038984272590e52868c4336b5
MD5 hash:
363b0134329cb1f81a23d32c87bfc727
SHA1 hash:
ef3d17c101ecf2cb5459842b34ff3162b39b57c8
Link:
https://www.unpac.me/results/df43e763-169b-427e-a888-cc979b55f458/
SH256 hash:
d173acdc63a31d4c7ab491f90bfd12cedfbda182e1473a849f2cd81788fd78c6
MD5 hash:
0e63b00c22db35d95af44896bfd4774d
SHA1 hash:
1cc2b26403cdc6477f60792b718eb500dc9a416f
Link:
https://www.unpac.me/results/df43e763-169b-427e-a888-cc979b55f458/
SH256 hash:
8cf57bdd02b41d17e967afb4ea8487d269cd23a0483b7f0e56afd9a5de1bc937
MD5 hash:
e5b4e710246443be98489dc47c4f8195
SHA1 hash:
e19ff748040a7c9887ec74101c02f16fa0bb21a8
Link:
https://www.unpac.me/results/df43e763-169b-427e-a888-cc979b55f458/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments