MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f0ef5abba43ba0b4a1d86b1c716244aaafe6b954b3eb06213ac63071818b5982. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f0ef5abba43ba0b4a1d86b1c716244aaafe6b954b3eb06213ac63071818b5982
SHA3-384 hash: 3585c8ba82b9f4c41a0f4513aa17229448484c3600596c73c078dc3a5057c324a885f71d13f0edec511750349b7ebd42
SHA1 hash: fb3362a66fb1ad4fe3d2fedbfb01c19088655ab5
MD5 hash: 79d28576d6cc298b2036d791900f6665
humanhash: lake-whiskey-tennessee-juliet
File name:a7b1917cc1c872ae7b58267795b689a4
Download: download sample
File size:212'992 bytes
First seen:2020-11-17 15:39:58 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep 3072:k0Zy/+O5POKA1VkXCtcw5jf+la8Y7APprZDr3vqgL4pLthEjQT6j:jZyt5POFnk5/aZAj/3HkEj1
Threatray 187 similar samples on MalwareBazaar
TLSH E6246B817AADC602F12B0A39CCF095E50FBFBC1A6FB6F31B7654374E65B65904880B91
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Razy-9759519-0
Create hunting rule

Win.Malware.Zusy-9759529-0
Create hunting rule

Win.Trojan.Agent-1381405
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the Windows subdirectories
Running batch commands
Creating a process with a hidden window
Creating a process from a recently created file
Creating a file in the Windows directory
Launching the default Windows debugger (dwwin.exe)
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f0ef5abba43ba0b4a1d86b1c716244aaafe6b954b3eb06213ac63071818b5982/
Threat name:
Win32.Trojan.Aenjaris
Create hunting rule
Status:
Malicious
First seen:
2020-11-17 15:46:34 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
000aba05d34281fa9a509e464d2c4ac3a2c94bff16928b73723abe274f516d98
431e04000c1801546db8cf059a636154715eb3ff7f6d715a15f91ac8f94979a0
6b123a7f279751561a329fc9fb56d41fcf7a53d15fc6d0e638099fe9e844d962
784c771b4eeaaf909fba8a13576fa117604ce9bc5e6131b9352888ba6aed77a7
900d305e4eb3d0b0f7fce699b867f0a2edab7d51e22e942a0a2b4ea81a982aad
9dc9e84417abae2d03346b9855469e751126477b52412bf9eff8f7aa09bb35ab
9e0d8b40ee55e5b66d3b79984a66bdaf38ba2c1cb33c8d88f5b504f8e31ed421
a5f93821146779fef62c348b5707a187d4fb52aa924fa8b1ba5a86eee5167b50
e4b1560709c21648c854e875dc52b634e080f3781880fdc8e1bae58d343ff412
fa86d2cd7e9281b198093a0a310c18b326c3dfbeaeb61d7e8ebd7be8a9f8d342
+ 177 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
persistence
Link:
https://tria.ge/reports/201117-64td1makbe/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Program crash
Drops file in Windows directory
Drops file in System32 directory
Adds Run key to start application
Drops startup file
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Unpacked files
SH256 hash:
f0ef5abba43ba0b4a1d86b1c716244aaafe6b954b3eb06213ac63071818b5982
MD5 hash:
79d28576d6cc298b2036d791900f6665
SHA1 hash:
fb3362a66fb1ad4fe3d2fedbfb01c19088655ab5
Link:
https://www.unpac.me/results/a20790fa-1326-4759-9ef9-4ff4dbc11e15/
SH256 hash:
8b0afc29252e09c0aa085e33dc92c26af0b65fbc3472feeb52051c8ed197e984
MD5 hash:
82d91e3d40d98e776eda16bdc020b6a4
SHA1 hash:
a0c52bc9315179b1ee07d3766f70395ec53690e0
Link:
https://www.unpac.me/results/a20790fa-1326-4759-9ef9-4ff4dbc11e15/
SH256 hash:
21475175893aad7b703ed54b536a5324b829984e9d8d6ea95bea38c2587b2410
MD5 hash:
c3014e1ac577effa609c0157b135959c
SHA1 hash:
dd1686b9d2562b8af5686dfe2a326fe4164f1b8f
Link:
https://www.unpac.me/results/a20790fa-1326-4759-9ef9-4ff4dbc11e15/
SH256 hash:
c4f0cd05bfa10a64ec943525443def0952c0a05975c965e235cd26496cab1fe6
MD5 hash:
f2fb40d6c70e707e104298f04dc99558
SHA1 hash:
cc8b062e965c2adc8080279538ea7abc8430ba67
Link:
https://www.unpac.me/results/a20790fa-1326-4759-9ef9-4ff4dbc11e15/
SH256 hash:
9a4862bd3fd8dfc539a2e8354d8fd72df57f82fbc2d8df0e67784c5b20b82407
MD5 hash:
230356879d056f6b5252ad292ac8d8d7
SHA1 hash:
530e0a35ab1ccc4bc08d5420dfa30c48bc6225e4
Link:
https://www.unpac.me/results/a20790fa-1326-4759-9ef9-4ff4dbc11e15/
SH256 hash:
15152dca99a73cdcb38cb7307fb48087b9c8ebd197c3a6b2444bc3c7626496f4
MD5 hash:
d1b27df75507f32898ba6736a4472673
SHA1 hash:
7c1134509467afc41da1832be422daccfa0f43dc
Link:
https://www.unpac.me/results/a20790fa-1326-4759-9ef9-4ff4dbc11e15/
SH256 hash:
d694eaf738b556c4402892033bf6bcc640ec969cacdaf27fafdda0f9070bd83a
MD5 hash:
b965e13559c04ea5e1517a0c62fad201
SHA1 hash:
abc50227d12f7939cfe0a73000a2d155f197775c
Link:
https://www.unpac.me/results/a20790fa-1326-4759-9ef9-4ff4dbc11e15/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments