MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9edbdfe197acf70216e52d558ff3c076be7b71c67beaa56f0fe06ef769db144e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Ramnit

Vendor detections: 8

SHA256 hash: 9edbdfe197acf70216e52d558ff3c076be7b71c67beaa56f0fe06ef769db144e
SHA3-384 hash: cdae0fd6b01c2a45a28baefddef23169e5f0038847555342aeaa98fc8abe3054347ee73fd8d467104164fdf5c4c20996
SHA1 hash: 34ccb5143d93a0bf6f0e82ee9734de99b652a0cb
MD5 hash: f4d18a2b4857819ecac822f1ef38fa7c
humanhash: quebec-failed-cold-north
File name: f4d18a2b_by_Libranalysis
Signature: Ramnit
File size: 289'148 bytes
First seen: 2021-05-05 08:02:07 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: e9924f99c812303f36d72b1772856b4b (19 x Jadtre, 8 x Wapomi, 2 x Worm.Ramnit)
ssdeep: 3072:JJw8KYg5zA5GsMYSxSJiN/vGss9kTBf9pAXAtPOYQwRR9JgUCwi9rnVpUC8GHs:J035iMhL/vGsbTBl2wOsR6U9WrnXUC8H
Threatray: 1'121 similar samples on MalwareBazaar
TLSH: B3545B603DF0C2B6E81120F19279C2ABAD6A386D15D6F5476F870F74CF58B82E679348
Reporter: Libranalysis
Tags: ramnit

Libranalysis
Uploaded as part of the sample sharing project

Intelligence


File Origin
# of uploads: 1
# of downloads: 1'157
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a file
Creating a process from a recently created file
Creating a window
Launching a process
Sending a UDP request
Searching for the window
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Worm.Ramnit
Status: Malicious
First seen: 2020-05-06 19:32:00 UTC
AV detection: 29 of 29 (100.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Loads dropped DLL
Executes dropped EXE
UPX packed file
Unpacked files
SHA256 hash: 651daeb74b3db45de21b0a82ad2b70288c605127d054a67ea32bf457206582e1
MD5 hash: d99706fead4e925acccb4bf0094f7ad8
SHA1 hash: faa8194211076b33f247a3037eb4cfc4661bc3d7

SHA256 hash: 9edbdfe197acf70216e52d558ff3c076be7b71c67beaa56f0fe06ef769db144e
MD5 hash: f4d18a2b4857819ecac822f1ef38fa7c
SHA1 hash: 34ccb5143d93a0bf6f0e82ee9734de99b652a0cb
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments