MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 38b1b7802b0fe3b47002dc3d6cf5e3c360433bee072e4653cac2bfa61906f293. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Ramnit


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 38b1b7802b0fe3b47002dc3d6cf5e3c360433bee072e4653cac2bfa61906f293
SHA3-384 hash: 4261fb584fa47f1a868b1feb93e6ccd649a0bcda947d8990c9f8566b22e8476e25ba44be92abed044f74d55e37d5dec1
SHA1 hash: 123acab84ba6a9aefc75f3d3f1cf129fca3bbdf6
MD5 hash: fcbda965e4bb669ef5a7f4e33a5d0f68
humanhash: sodium-colorado-skylark-kansas
File name:Anti.exe
Download: download sample
Signature Ramnit
Create hunting rule
File size:326'637 bytes
First seen:2021-09-01 13:07:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 093a51e0b7dcb2466b7edfd78d191aa0 (1 x Ramnit)
ssdeep 1536:/wZZnAEjEIZvumULmj4wrraK5dZ4Ltta9Km/ec3DtAL6bmZ4bXSjrAE+fySPoqRI:InnAQVG/LytaKItS/fiLKS+f5Aq7i
Threatray 4'767 similar samples on MalwareBazaar
TLSH T12E64C0D6363F10B3ED2DBCB300634D36F26F5EA319D2DA8A900485B47E62251CDA6753
dhash icon b590d2466718d265 (1 x Ramnit)
Reporter seikenDEV
Tags:exe pe32 ramnit

Intelligence

File Origin
# of uploads :
1
# of downloads :
924
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Anti.exe
Verdict:
Malicious activity
Analysis date:
2021-09-01 13:07:23 UTC
Tags:
trojan ramnit
Link:
https://app.any.run/tasks/d8f427ce-e435-432d-bde9-92fe47f0c445

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/184458/
Detection(s):
Win.Packed.Ramnit-9773470-0
Create hunting rule

Win.Trojan.Ramnit-7847
Create hunting rule

Win.Trojan.Ramnit-7848
Create hunting rule

Win.Trojan.Ramnit-7242
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Deleting a recently created file
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/e01d1acf-a95c-4ab6-a5c4-6726696d264a
Result
Threat name:
Ramnit
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/843325
Signature
Antivirus / Scanner detection for submitted sample
DLL reload attack detected
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Renames NTDLL to bypass HIPS
Yara detected Ramnit
Behaviour
Behavior Graph:
Download SVG
Detection:
ramnit
Create hunting rule
Link:
https://mwdb.cert.pl/sample/38b1b7802b0fe3b47002dc3d6cf5e3c360433bee072e4653cac2bfa61906f293/
Threat name:
Win32.Worm.Ramnit
Create hunting rule
Status:
Malicious
First seen:
2021-02-19 01:45:00 UTC
AV detection:
29 of 29 (100.00%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
596e82d24c64a373095159ee769df582d6f34fde24eb537aca442d8f01c491db
Ramnit
734098da5181ec0da88f41dbfb9711ee9001a2b86c1c9d15d3281cdcaddfdeed
Ramnit
786b9cb2fa5e78e4bc0d9e67e6f90c0229b150bacfd3e75cf46a9c3a67d57a67
Ramnit
7bae23fbfdb6dc3e5955a241be769aceccebeff739823d770ca65c958e552146
Ramnit
8f71fca5621ccb7ba3558cfebc17014d27923d1c73ad97ececb577fd5b937047
Ramnit
9303baf8bfa696731486273de443d5424dbe71c01fb856aa31cd778bbd4753b4
Ramnit
9edbdfe197acf70216e52d558ff3c076be7b71c67beaa56f0fe06ef769db144e
Ramnit
ce2700966f2ce633908d111088351c66794a122a892e844816cc02372f028a13
Ramnit
f1da2af4d03374487f047533fcf04795dab48c3b862342c0219bab3e5dbb52c4
Ramnit
fff95dfbf281b06c60e70f3e27dbe11736ce70a515abd993e96810a71eb6448d
Ramnit
+ 4'757 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/210901-jfmma4e7y2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Loads dropped DLL
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
38b1b7802b0fe3b47002dc3d6cf5e3c360433bee072e4653cac2bfa61906f293
MD5 hash:
fcbda965e4bb669ef5a7f4e33a5d0f68
SHA1 hash:
123acab84ba6a9aefc75f3d3f1cf129fca3bbdf6
Link:
https://www.unpac.me/results/3ac33a4b-bbb3-4ef6-878a-bcb320172fca/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.19
Link:
https://yomi.yoroi.company/submissions/38b1b7802b0fe3b47002dc3d6cf5e3c360433bee072e4653cac2bfa61906f293

File information

The table below shows additional information about this malware sample such as delivery method and external references.

anyrun
any.run
https://app.any.run/tasks/d8f427ce-e435-432d-bde9-92fe47f0c445
Cape
Cape
https://www.capesandbox.com/analysis/184458/

Comments