MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e4b1560709c21648c854e875dc52b634e080f3781880fdc8e1bae58d343ff412. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 4

SHA256 hash: e4b1560709c21648c854e875dc52b634e080f3781880fdc8e1bae58d343ff412
SHA3-384 hash: 37622b6df153856a00ff63b6e57f174e639a439aefc96086ca5e0f66731e32d5249607f20f07b639937105a76a2c79e8
SHA1 hash: a3077d8cd443d0bd651ac3512b9a7bc99c0aa74b
MD5 hash: a7031c68eab6220e336f28212f021c36
humanhash: monkey-august-fish-thirteen
File name: a7031c68eab6220e336f28212f021c36
File size: 212'992 bytes
First seen: 2020-11-17 15:18:48 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep: 3072:mi3fAUj3qpF4oO3EF90BhIoxH97nrUxDrkw0tHoOUZL4pLthEjQT6j:/3ftCkc90BhISlrUxDILtHoOUxkEj1
Threatray: 187 similar samples on MalwareBazaar
TLSH: E7249C013AE6C907E52797B948F1F5AE36757D925FF2936726C0771E38B23904C28BA0
Reporter: seifreed

Intelligence

File Origin
Uploads: 1
Downloads: 59
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Behaviour
Sending a UDP request
Creating a window
Creating a file in the Windows subdirectories
Running batch commands
Creating a process with a hidden window
Creating a file in the Windows directory
Creating a process from a recently created file
Launching the default Windows debugger (dwwin.exe)
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun by creating a file
Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-11-07 09:24:00 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Result
Malware family: n/a
Score: 9/10
Tags: persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Program crash
Drops file in Windows directory
Drops file in System32 directory
Adds Run key to start application
Drops startup file
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
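Both sandbox runs above describe the same persistence chain: a file written under the Windows directory, a process started from that newly created file, and autorun established either through the Software\Microsoft\Windows\CurrentVersion\Run key or by dropping a startup file. The following is an added example, not code from MalwareBazaar or any sandbox vendor, that correlates those steps over a constructed, Sysmon-style JSON-lines log (event IDs 11 FileCreate, 1 ProcessCreate and 13 RegistryValueSet; every path, timestamp and SID in it is made up) and alerts only when an autorun entry points at, or is written by, a file the same log saw being dropped:

```python
"""Correlate the dropped-file -> executed -> autorun chain reported for this
sample over Sysmon-style events.

Added example, not code from MalwareBazaar or any sandbox vendor. The log is
constructed for illustration; field names follow Sysmon's JSON export, but
all paths, times and the SID are made up.
"""
import json

RUN_KEY_MARKER = "\\software\\microsoft\\windows\\currentversion\\run\\"
STARTUP_MARKER = "\\start menu\\programs\\startup\\"
DROP_PREFIXES = ("c:\\windows\\",)  # also covers C:\Windows\System32

# Constructed events, one JSON object per line.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    # the dropper writes a new executable into C:\Windows ...
    {"EventID": 11, "UtcTime": "2020-11-17 15:20:01.100",
     "Image": "C:\\Users\\lab\\sample.exe",
     "TargetFilename": "C:\\Windows\\dropped.exe"},
    # ... starts it ...
    {"EventID": 1, "UtcTime": "2020-11-17 15:20:01.400",
     "Image": "C:\\Windows\\dropped.exe",
     "ParentImage": "C:\\Users\\lab\\sample.exe",
     "CommandLine": "\"C:\\Windows\\dropped.exe\""},
    # ... the child registers itself under the HKCU Run key ...
    {"EventID": 13, "UtcTime": "2020-11-17 15:20:02.000",
     "Image": "C:\\Windows\\dropped.exe",
     "TargetObject": "HKU\\S-1-5-21-1-2-3-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "Details": "\"C:\\Windows\\dropped.exe\" /silent"},
    # ... and also plants a shortcut in the user's Startup folder.
    {"EventID": 11, "UtcTime": "2020-11-17 15:20:03.000",
     "Image": "C:\\Windows\\dropped.exe",
     "TargetFilename": "C:\\Users\\lab\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\dropped.lnk"},
    # Benign noise: an installer registering a tray app that this log never
    # saw being dropped, so it must not alert.
    {"EventID": 13, "UtcTime": "2020-11-17 15:25:00.000",
     "Image": "C:\\Program Files\\Vendor\\setup.exe",
     "TargetObject": "HKU\\S-1-5-21-1-2-3-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorTray",
     "Details": "C:\\Program Files\\Vendor\\tray.exe"},
])


def norm(path):
    """Case-insensitive, backslash-only form used for every path comparison."""
    return path.replace("/", "\\").lower()


def image_from_details(details):
    """Extract the executable path from Run value data: "path" args, or path args."""
    s = details.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return norm(s[1:end] if end > 0 else s[1:])
    idx = s.lower().find(".exe")
    return norm(s[: idx + 4] if idx >= 0 else s.split(" ")[0])


def correlate(jsonl):
    """Return one alert per autorun registration that refers to a file
    previously created under the Windows directory in the same log."""
    dropped = {}      # normalised path -> image that created it
    executed = set()  # dropped paths later seen as a process image
    alerts = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        eid = ev.get("EventID")
        image = norm(ev.get("Image", ""))
        if eid == 11:
            target = norm(ev["TargetFilename"])
            if target.startswith(DROP_PREFIXES):
                dropped[target] = ev["Image"]
            elif STARTUP_MARKER in target and image in dropped:
                alerts.append({"time": ev["UtcTime"], "method": "startup_folder",
                               "dropped_file": image, "executed": image in executed,
                               "autorun_entry": target, "written_by": ev["Image"]})
        elif eid == 1:
            if image in dropped:
                executed.add(image)
        elif eid == 13:
            key = norm(ev["TargetObject"])
            if RUN_KEY_MARKER not in key:
                continue
            target = image_from_details(ev.get("Details", ""))
            if target in dropped:
                alerts.append({"time": ev["UtcTime"], "method": "run_key",
                               "dropped_file": target, "executed": target in executed,
                               "autorun_entry": key.rsplit("\\", 1)[-1], "written_by": ev["Image"]})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Run as a script it prints the two alerts for the constructed log (the Run value and the Startup shortcut); to use it on real telemetry, feed it a Sysmon JSON-lines export. Matching the Run value's target against the set of files seen being dropped, rather than alerting on every Run-key write, is what keeps the vendor installer in the sample log out of the results.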
Unpacked files
The first entry repeats the sample's own hashes; the remaining seven are the additional unpacked files.

SHA256 hash: e4b1560709c21648c854e875dc52b634e080f3781880fdc8e1bae58d343ff412
MD5 hash: a7031c68eab6220e336f28212f021c36
SHA1 hash: a3077d8cd443d0bd651ac3512b9a7bc99c0aa74b

SHA256 hash: 9ffe2ce744709cf80e71e41c725b8b82f7effbaef4b07fff12ecdf059bf6affc
MD5 hash: c0a8986f492ba88b0e9606d20b59bb99
SHA1 hash: 14ffd9710f1e2bf55084e349f70a72b314f9317a

SHA256 hash: b1b535d2e71efbd63be1f3a9e92872b90714ae2f6e581c3ac36eb5f7c0c47c26
MD5 hash: a7857571827a575cf1ca3c8de0f925d7
SHA1 hash: d8fe58eb7edfedc719e9153eb5987afb3c9cd69c

SHA256 hash: 4b51e64f9a00b5ffacb1447f451e7121a7e516d003594205ad8efebf7ffa3b27
MD5 hash: ec550a762a9bd3495d5d048ea2769c48
SHA1 hash: b63197893fd129cfffcffb14fed7463867084fea

SHA256 hash: aecb3f044f62451c8ec98a7a90300543fc538a54226b50ff021ee32a66519558
MD5 hash: af0ac4d9ed9ce9aa21e014c10bca9603
SHA1 hash: c2351b1c14a6ad04afceed582618cc1ef4c9cb59

SHA256 hash: 15152dca99a73cdcb38cb7307fb48087b9c8ebd197c3a6b2444bc3c7626496f4
MD5 hash: d1b27df75507f32898ba6736a4472673
SHA1 hash: 7c1134509467afc41da1832be422daccfa0f43dc

SHA256 hash: 2d39990e82c2e3ebc5fb3b577d44e17b52b7ab18a1922d0f9740a8c9e3804435
MD5 hash: 66d6ace9e96b7ebfbe69691768165674
SHA1 hash: 3244cbdd5e67c849126062c9f9ee70702eb70a5b

SHA256 hash: b95e96c8a306a5c0f7c517e2722c8110c7b6581a995e6d0de6e0d1937ce71ce5
MD5 hash: 02669f5b1329f0e3db13f621eb3256b5
SHA1 hash: 599363a65f1fd92a9e7bbb8abb5c23c6483143fd
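To verify a downloaded copy against the digests listed for this entry, and to sweep a directory for the SHA256 values of the sample and its unpacked files, the following added example (not MalwareBazaar's code; standard-library Python only) computes MD5, SHA1, SHA256 and SHA3-384 in a single pass over each file. The IOC set and the expected sample digests are copied from this entry; ssdeep, TLSH and imphash are left out because they need third-party modules.

```python
"""Hash-based sweep for the indicators in this MalwareBazaar entry.

Added example, not MalwareBazaar's code. Reads each file once, feeding all
four hashers, and reports files whose SHA256 is in the entry's IOC set.
"""
import hashlib
import os

# Copied from the entry: the sample itself plus the unpacked files.
ENTRY_SHA256_IOCS = {
    "e4b1560709c21648c854e875dc52b634e080f3781880fdc8e1bae58d343ff412",
    "9ffe2ce744709cf80e71e41c725b8b82f7effbaef4b07fff12ecdf059bf6affc",
    "b1b535d2e71efbd63be1f3a9e92872b90714ae2f6e581c3ac36eb5f7c0c47c26",
    "4b51e64f9a00b5ffacb1447f451e7121a7e516d003594205ad8efebf7ffa3b27",
    "aecb3f044f62451c8ec98a7a90300543fc538a54226b50ff021ee32a66519558",
    "15152dca99a73cdcb38cb7307fb48087b9c8ebd197c3a6b2444bc3c7626496f4",
    "2d39990e82c2e3ebc5fb3b577d44e17b52b7ab18a1922d0f9740a8c9e3804435",
    "b95e96c8a306a5c0f7c517e2722c8110c7b6581a995e6d0de6e0d1937ce71ce5",
}

# The entry's digests for the sample, used to cross-check a download.
ENTRY_SAMPLE_DIGESTS = {
    "md5": "a7031c68eab6220e336f28212f021c36",
    "sha1": "a3077d8cd443d0bd651ac3512b9a7bc99c0aa74b",
    "sha256": "e4b1560709c21648c854e875dc52b634e080f3781880fdc8e1bae58d343ff412",
    "sha3_384": "37622b6df153856a00ff63b6e57f174e639a439aefc96086ca5e0f66731e32d5249607f20f07b639937105a76a2c79e8",
}


def digest_chunks(chunks):
    """Feed every chunk to all four hashers so the input is read only once."""
    hashers = {
        "md5": hashlib.md5(),
        "sha1": hashlib.sha1(),
        "sha256": hashlib.sha256(),
        "sha3_384": hashlib.sha3_384(),
    }
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    return digest_chunks([data])


def digest_file(path, chunk_size=1 << 20):
    """Stream the file in chunk_size pieces so large samples are not loaded whole."""
    def chunks():
        with open(path, "rb") as f:
            while True:
                buf = f.read(chunk_size)
                if not buf:
                    return
                yield buf
    return digest_chunks(chunks())


def mismatched_digests(digests, expected=ENTRY_SAMPLE_DIGESTS):
    """Algorithms whose computed digest differs from the entry's value.
    An empty list means the file is byte-for-byte the listed sample."""
    return [name for name, want in expected.items() if digests.get(name) != want]


def sweep(root, iocs=ENTRY_SHA256_IOCS):
    """Walk root and return (path, digests) for files whose SHA256 is an IOC.
    Unreadable files are skipped rather than aborting the sweep."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                digests = digest_file(path)
            except OSError:
                continue
            if digests["sha256"] in iocs:
                hits.append((path, digests))
    return hits


if __name__ == "__main__":
    import sys
    for path, d in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        is_sample = not mismatched_digests(d)
        print(f"{path}: sha256={d['sha256']} is_listed_sample={is_sample}")
```

MalwareBazaar serves samples as a password-protected ZIP, so hash the extracted file, not the archive. A SHA256 hit is an exact-content match only; anything repacked or patched will miss here and needs the fuzzy hashes (ssdeep, TLSH) or the imphash listed above.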
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

Additional information about this malware sample, such as delivery method and external references:

Delivery method: Other

Comments