MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9303baf8bfa696731486273de443d5424dbe71c01fb856aa31cd778bbd4753b4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Ramnit


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9303baf8bfa696731486273de443d5424dbe71c01fb856aa31cd778bbd4753b4
SHA3-384 hash: d50ae99eb247b02b3c9991a6267ef2ebe8d2b72ad85d9098b14e2986853f2332b58f40d4d016d38ca801dfa0b62b9d84
SHA1 hash: fd1fb270d1f311267f851015e8a399ddc0695911
MD5 hash: cff3997615f8404f1a1a7a281bf11b3e
humanhash: cup-red-bluebird-butter
File name:cff39976_by_Libranalysis
Download: download sample
Signature Ramnit
Create hunting rule
File size:160'122 bytes
First seen:2021-05-05 11:04:18 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 7b7934e66094c0c143762109c757defc (2 x Ramnit)
ssdeep 3072:4zwMLJex+UfoWT3MAALf4FNHP5tn/9AXP0PFHvmjZZzUfv:4zpMxFM/LuNv5FFa4FHaZS
Threatray 1'131 similar samples on MalwareBazaar
TLSH 25F31511A1C96631DADF01B208DB060977E6E81D0A16F0325E7F7E0B3B63FEB4599A47
Reporter Libranalysis
Tags:ramnit


Avatar
Libranalysis
Uploaded as part of the sample sharing project

Intelligence

File Origin
# of uploads :
1
# of downloads :
1'156
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/150438/
Detection(s):
Win.Trojan.Ramnit-1849
Create hunting rule

Win.Trojan.Ramnit-1847
Create hunting rule

Win.Virus.Ramnit-9775603-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the Windows subdirectories
Creating a process from a recently created file
Launching a process
Sending a UDP request
Creating a window
Searching for the window
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Ramnit
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/6f16e98f-9e6c-4947-b57c-f36597b7ad38
Detection:
ramnit
Create hunting rule
Link:
https://mwdb.cert.pl/sample/9303baf8bfa696731486273de443d5424dbe71c01fb856aa31cd778bbd4753b4/
Threat name:
Win32.Worm.Ramnit
Create hunting rule
Status:
Malicious
First seen:
2020-05-06 19:54:08 UTC
AV detection:
30 of 31 (96.77%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
173240b443fdb5cc7ed97cf6eedeb0d823924df3dab6d468c9da2898443f3ac6
Ramnit
712902f16ad8e9570dc1e25dba5f4219f3fdd497d727f08dd98f1c6baa78335b
Ramnit
734098da5181ec0da88f41dbfb9711ee9001a2b86c1c9d15d3281cdcaddfdeed
Ramnit
7bae23fbfdb6dc3e5955a241be769aceccebeff739823d770ca65c958e552146
Ramnit
8f71fca5621ccb7ba3558cfebc17014d27923d1c73ad97ececb577fd5b937047
Ramnit
8fa3eaa46c7d8d1f44a2eeca895f802f2aa7a2251bab347ccb765c72d63ccb58
Ramnit
9b8e02c9169932cb809300c4dff5afc240aba4d5a87264f0f7123314345c6248
Ramnit
9edbdfe197acf70216e52d558ff3c076be7b71c67beaa56f0fe06ef769db144e
Ramnit
ce2700966f2ce633908d111088351c66794a122a892e844816cc02372f028a13
Ramnit
f1da2af4d03374487f047533fcf04795dab48c3b862342c0219bab3e5dbb52c4
Ramnit
+ 1'121 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/210505-n94asr71sj/
Behaviour
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
UPX packed file
Unpacked files
SH256 hash:
985f1f17203a632b8fb2093278b42e3de3f9a7df1409431b7010df765675198a
MD5 hash:
0f1114d69d2541d8a3e9f9263a0b7e54
SHA1 hash:
8e310de4cb97eaa9395829b816d8968d3a1df9f8
Detections:
win_ramnit_g0
Create hunting rule
win_ramnit_g1
Create hunting rule
win_ramnit_auto
Create hunting rule
Link:
https://www.unpac.me/results/bf9ee3ec-1365-4779-babb-c5828a0f4828/
Parent samples :
4c460b12b1f4594cb2bb7d67c117cb694614aba1c18abfa1041c76ef47eec44c
9edbdfe197acf70216e52d558ff3c076be7b71c67beaa56f0fe06ef769db144e
f1da2af4d03374487f047533fcf04795dab48c3b862342c0219bab3e5dbb52c4
9303baf8bfa696731486273de443d5424dbe71c01fb856aa31cd778bbd4753b4
a0adbb57264ffd5b728b19b8217ae80ba073a0a440978dde87466ba81ef668de
SH256 hash:
5e805780f4e840580c60a8925a129e78b6b4bcf2a64cc12287c9f2f0ce25c4a4
MD5 hash:
9e57e3a559908c2445d40496210707da
SHA1 hash:
4b6db64c6e560665f13f3974457a880c53a6174e
Detections:
win_ramnit_g0
Create hunting rule
win_ramnit_g1
Create hunting rule
win_ramnit_auto
Create hunting rule
Link:
https://www.unpac.me/results/bf9ee3ec-1365-4779-babb-c5828a0f4828/
Parent samples :
4c460b12b1f4594cb2bb7d67c117cb694614aba1c18abfa1041c76ef47eec44c
9edbdfe197acf70216e52d558ff3c076be7b71c67beaa56f0fe06ef769db144e
f1da2af4d03374487f047533fcf04795dab48c3b862342c0219bab3e5dbb52c4
9303baf8bfa696731486273de443d5424dbe71c01fb856aa31cd778bbd4753b4
a0adbb57264ffd5b728b19b8217ae80ba073a0a440978dde87466ba81ef668de
SH256 hash:
9303baf8bfa696731486273de443d5424dbe71c01fb856aa31cd778bbd4753b4
MD5 hash:
cff3997615f8404f1a1a7a281bf11b3e
SHA1 hash:
fd1fb270d1f311267f851015e8a399ddc0695911
Link:
https://www.unpac.me/results/bf9ee3ec-1365-4779-babb-c5828a0f4828/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Ramnit
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9303baf8bfa696731486273de443d5424dbe71c01fb856aa31cd778bbd4753b4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/150438/

Comments