MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 f8bb14872c59ab2fb7e0e15c511e72e140d59d5feaa3a3cca48997b29cd342c0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 3
| SHA256 hash: | f8bb14872c59ab2fb7e0e15c511e72e140d59d5feaa3a3cca48997b29cd342c0 |
|---|---|
| SHA3-384 hash: | 06910558f738c11312246aa0383bb12550e6d8c1f644942882784a7648dada72ccde12b0ff0de964717da434818739a6 |
| SHA1 hash: | a9cbc353e5527f31f7eb7bfef245a5c870779a7e |
| MD5 hash: | a009797259a9c5fa0c16e4050321754b |
| humanhash: | carolina-early-kilo-sierra |
| File name: | a009797259a9c5fa0c16e4050321754b |
| File size: | 212'992 bytes |
| First seen: | 2020-11-17 11:38:01 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit) |
| ssdeep | 3072:jBbOuXzAmXo5vBBydO7L+P7wlxillclNynoUdHtE46I0R0Ts6JGvAW9u5nALathN:1bOwAmFl50Rgta9LathoGmZQkEj1 |
| Threatray | 37 similar samples on MalwareBazaar |
| TLSH | 82248C4233D0E611F233867584E6C92446FEBC679FB452CB7260336FAEB2690AC557E4 |
| Reporter: | |
Intelligence
File Origin
# of uploads: 1
# of downloads: 56
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:
Behaviour
Sending a UDP request
Creating a window
Creating a file in the Windows subdirectories
Running batch commands
Creating a process with a hidden window
Launching the default Windows debugger (dwwin.exe)
Creating a process from a recently created file
Creating a file in the Windows directory
Threat name:
Win32.Trojan.Aenjaris
Status:
Malicious
First seen:
2020-11-07 19:01:32 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
5/5
Verdict:
unknown
Similar samples:
+ 27 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
10/10
Tags:
n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Windows directory
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
Please note that we are no longer able to provide a coverage score for VirusTotal.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method
Other