MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 494e6ffe7fd77e2810a4edc7bef8717c32397466ef5fbf2639e8a16a76a4331a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Worm.Ramnit


Vendor detections: 5



SHA256 hash: 494e6ffe7fd77e2810a4edc7bef8717c32397466ef5fbf2639e8a16a76a4331a
SHA3-384 hash: 0b7a3409de23169e7d2b3ab6433a4cb471681ef78e1440b65eeeccd97c01d856412fabfecd98bb10ba77fcdd8f03df69
SHA1 hash: 72c37e320a97a1e7c5b8023f6d78e88673aaa45a
MD5 hash: b2ca005294054988faf5cb912e5abcde
humanhash: item-stream-december-triple
File name: b2ca005294054988faf5cb912e5abcde
Signature: Worm.Ramnit
File size: 212'992 bytes
First seen: 2020-11-17 15:44:22 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep: 6144:Xacqi12LXU7lnTKNgujnLJmJo4OJYT1kEj1:t12Y7INggnLUkC
Threatray: 187 similar samples on MalwareBazaar
TLSH: B1249E3275C4814AE667DB714CFA96F05A69BC11FBA16A0F72807F2EF8753924C127E0
Reporter: seifreed
Tags: Worm.Ramnit

Intelligence


File Origin
# of uploads: 1
# of downloads: 111
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the Windows directory
Running batch commands
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a process from a recently created file
Launching the default Windows debugger (dwwin.exe)
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun by creating a file
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-11-07 18:54:16 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
