MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ee5a54480db0b8a0b2a5c28b04c1f6689945de2a977f5bff91f24e1548a6c7a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Ramnit

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	3ee5a54480db0b8a0b2a5c28b04c1f6689945de2a977f5bff91f24e1548a6c7a
SHA3-384 hash:	a435b285a1e4bd451613c0500182696dec2e2af0dd234c9f1531eaaaf410e911963d9316a5780146daa99fcaf00474d3
SHA1 hash:	1d0573747ef40dff6db14afb19a7c6f8b6cf0054
MD5 hash:	a927d58884bec16e86ab67e660550192
humanhash:	timing-spaghetti-early-venus
File name:	779ea607ed96392c8a6cb72099fd6e80
Download:	download sample
Signature	Ramnit Create hunting rule
File size:	258'048 bytes
First seen:	2020-11-17 11:57:25 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	0edf8a7800630c8ed9643789e8cd3a18 (6 x RedLineStealer, 2 x CoinMiner, 1 x Smoke Loader)
ssdeep	6144:eT/JfoUHoKnU8kdzOUsdXiEpyvCTLsF3bvym5bWxzR:eT/JfrvU8yvhvCTLcKXz
Threatray	14 similar samples on MalwareBazaar
TLSH	CA44DF017DEDC471D2A716BB8871C7644EBB74A63932A98F2B9501B8DF317E1CA3530A
Reporter	seifreed
Tags:	ramnit

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Dropper.Generickdz-9789082-0

Win.Malware.Glupteba-9789016-1

Win.Packed.Tofsee-9789948-0

Win.Trojan.Tofsee-9794257-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

DNS request

Sending a custom TCP request

Creating a file

Creating a window

Reading critical registry keys

Deleting a recently created file

Replacing files

Launching cmd.exe command interpreter

Launching a process

Stealing user critical data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3ee5a54480db0b8a0b2a5c28b04c1f6689945de2a977f5bff91f24e1548a6c7a/

Threat name:

Win32.Trojan.Glupteba

Status:

Malicious

First seen:

2020-11-17 12:00:52 UTC

AV detection:

26 of 28 (92.86%)

Threat level:

5/5

Verdict:

suspicious

Result

Malware family:

n/a

Score:

7/10

Tags:

discovery spyware stealer

Link:

https://tria.ge/reports/201117-meddvzs27j/

Behaviour

Creates scheduled task(s)

Suspicious use of WriteProcessMemory

Accesses 2FA software files, possible credential harvesting

Checks installed software on the system

Reads user/profile data of web browsers

Unpacked files

SH256 hash:

3ee5a54480db0b8a0b2a5c28b04c1f6689945de2a977f5bff91f24e1548a6c7a

MD5 hash:

a927d58884bec16e86ab67e660550192

SHA1 hash:

1d0573747ef40dff6db14afb19a7c6f8b6cf0054

Link:

https://www.unpac.me/results/0a302b8b-c651-4495-928b-4f9c0e68aae9/

SH256 hash:

6c113f9d287a0040a57943dc3a8e4e1849948bef416ad5353edc5224a039bf6e

MD5 hash:

35a9691b3544d70065be69011f23f434

SHA1 hash:

3dea635b492f11c0ff1b45636f81db9b66155a9d

Link:

https://www.unpac.me/results/0a302b8b-c651-4495-928b-4f9c0e68aae9/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample