MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a3717f24e62afd75ba78f7cb4be280f89a8af6f0ebe3894e914eb537d4d63c9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Worm.Ramnit

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	0a3717f24e62afd75ba78f7cb4be280f89a8af6f0ebe3894e914eb537d4d63c9
SHA3-384 hash:	3e51ec229209cec048976e374a435e02e13c1aab6af8ff4971063054aad8203b7c6ffdb81fa7ae0c0a808a8071a17147
SHA1 hash:	62ad7084c91bc4e75281b6ff9e8abf1e6f27cf89
MD5 hash:	e84b2661f1d8542168efb047290a17ff
humanhash:	mirror-carpet-yellow-three
File name:	a292f2632ce5d19872850d789acef50e
Download:	download sample
Signature	Worm.Ramnit Create hunting rule
File size:	324'096 bytes
First seen:	2020-11-17 12:39:39 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	cf436b2d8382be2acb3225554d5da2ff (30 x Jadtre, 17 x Wapomi, 4 x Worm.Ramnit)
ssdeep	1536:uup3hqLgQ2izZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZbuPX:uEhWL2i/ORZWrTL/O2gZfCGCH
Threatray	639 similar samples on MalwareBazaar
TLSH	C3645085E509E662C8FBF87300BE1B47589C6E92A5A1F43C23547D7AFCFC610D4A352A
Reporter	seifreed
Tags:	Worm.Ramnit

Intelligence

File Origin

# of uploads :

1

# of downloads :

93

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Asprotect-3

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %temp% directory

Creating a process from a recently created file

Creating a window

Changing an executable file

DNS request

Modifying an executable file

Creating a file

Running batch commands

Creating a process with a hidden window

Connection attempt to an infection source

Infecting executable files

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0a3717f24e62afd75ba78f7cb4be280f89a8af6f0ebe3894e914eb537d4d63c9/

Threat name:

Win32.Virus.Wapomi

Status:

Malicious

First seen:

2020-11-17 12:44:37 UTC

AV detection:

27 of 29 (93.10%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=bi3rp4somkx5ow5hr56ljprib6e2rl3pb27drfhjctvvg7knmpeq._file

Verdict:

unknown

Similar samples:

030a89094e7cafc5c334a183b630e92f38147e68c79d50d8294f065006e1114b

4a6323c37f6274eddbf912c4030116f14ab2003b4362e46e95342ecb555c2a91

746ff1697c458bd7962aff505f0023cdc988c428ef2dc67c06784572f3d1095f

a36d368d36fdf5aa8fa95b95a66b9c15d30156459a5a0bf597bb18038e710e83

ad34c491b24ede13ab046fb31c7e65e6ec41a16b9ae103da65817d394fa9b24c

b1b574cf0ee045cec266bae1461038989da590b50d843367a1e211bc75ad97be

b8c0c99165349c62293d6acbb5b6af5665029cefeb0474d74c9200b2f385109d

d1852ea99a4f02f812ef58d38e34ebd57dee7e2d25d0e2743c2ac67cd8ae36de

dce78079cf2ce89acc5df57aae62b9a42fde8977e1a7128c1cebfb910082da07

e2e495bbe9bb7f664231b68bd5c4ec519d38fcd666518fdd10aaee0299e94fca

+ 629 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

aspackv2

Link:

https://tria.ge/reports/201117-3qh9zgv736/

Behaviour

Suspicious use of WriteProcessMemory

Drops file in Program Files directory

Loads dropped DLL

ASPack v2.12-2.42

Executes dropped EXE

Unpacked files

SH256 hash:

0a3717f24e62afd75ba78f7cb4be280f89a8af6f0ebe3894e914eb537d4d63c9

MD5 hash:

e84b2661f1d8542168efb047290a17ff

SHA1 hash:

62ad7084c91bc4e75281b6ff9e8abf1e6f27cf89

Link:

https://www.unpac.me/results/83be7daa-3c57-4f41-803f-43dad2d3d302/

SH256 hash:

76bed0c083ff0178818aa7c4f5bca8e28d617d2486d86fd8899d9573369cdae8

MD5 hash:

9a38bb26fbcbd37b23703cd3b423471d

SHA1 hash:

95da290ea8fa49fbf19b8d11d8f7cf67b23d1f93

Detections:

win_unidentified_045_g0

win_unidentified_045_auto

Link:

https://www.unpac.me/results/83be7daa-3c57-4f41-803f-43dad2d3d302/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample