MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8bdd3fc67f143159eb3cb3eb5dc0634448145a76604a0615cb2db7fb34127fd7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Worm.Ramnit


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8bdd3fc67f143159eb3cb3eb5dc0634448145a76604a0615cb2db7fb34127fd7
SHA3-384 hash: b2ff16a5451f0fd810f80cfc08f7d0b1ec481eed103a1536261f219778b145ab6e6fe805c66a8c23597d3ced513bc784
SHA1 hash: f7dc97162cd6209f6b8cb28e7c17066200d09311
MD5 hash: d3b6b2249fb6aa9c32a4b9b7d3a5dd4c
humanhash: paris-double-floor-ceiling
File name:8bdd3fc67f143159eb3cb3eb5dc0634448145a76604a0615cb2db7fb34127fd7
Download: download sample
Signature Worm.Ramnit
Create hunting rule
File size:7'200'768 bytes
First seen:2020-11-15 22:43:43 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4741f7486b03721266ba5450d304412c (3 x Worm.Ramnit, 1 x Jadtre)
ssdeep 98304:JXCgYdmyPTdivTrkLLVtYni6fcrLxWDoSzkvIZXq7J6goC8zmkJ4a+VhpiGf8A0z:sRkc+qxr2IIZa7s08zmzYC
Threatray 2 similar samples on MalwareBazaar
TLSH 9F761223626240BAD0D54C358A3BBFB676B607264F52DDBB93C5ECC429225E0F323657
Reporter seifreed
Tags:Worm.Ramnit

Intelligence

File Origin
# of uploads :
1
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

Win.Malware.Gotango-7000352-0
Create hunting rule

Win.Malware.Agen-7172367-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a window
Changing an executable file
DNS request
Launching the default Windows debugger (dwwin.exe)
Modifying an executable file
Creating a file
Running batch commands
Creating a process with a hidden window
Connection attempt to an infection source
Infecting executable files
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8bdd3fc67f143159eb3cb3eb5dc0634448145a76604a0615cb2db7fb34127fd7/
Threat name:
Win32.Virus.Jadtre
Create hunting rule
Status:
Malicious
First seen:
2020-11-15 22:44:26 UTC
AV detection:
25 of 28 (89.29%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rpot7rt7cqyvt2z4wpvv3qddirebiwtwmbfamfolfw37wnasp7lq._file
Verdict:
unknown
Similar samples:
34a52388b0de94f535226b9e7e0815ca1e0eff80bf1b07f3d9de3fb9f50b26ac
Worm.Ramnit
68d9b1b79eac821bd61cfea1a528b5a26fc371be1e24bf71ec424fddb63e5c92
Worm.Ramnit
Result
Malware family:
n/a
Score:
  10/10
Tags:
aspackv2
Link:
https://tria.ge/reports/201115-6jw7qhyt7a/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Program Files directory
Loads dropped DLL
ASPack v2.12-2.42
Executes dropped EXE
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
8bdd3fc67f143159eb3cb3eb5dc0634448145a76604a0615cb2db7fb34127fd7
MD5 hash:
d3b6b2249fb6aa9c32a4b9b7d3a5dd4c
SHA1 hash:
f7dc97162cd6209f6b8cb28e7c17066200d09311
Link:
https://www.unpac.me/results/f9cc5c0b-0167-470f-a8c9-7c32e02e6c18/
SH256 hash:
02344e819017e99316c5f3ab70c35933e058fe6b6f5fed4c32751bdc65986d16
MD5 hash:
eb1c7faebec842eac051a70263937317
SHA1 hash:
606d5e0652c6a15d4802248b1518a4950464dce9
Detections:
win_unidentified_045_g0
Create hunting rule
win_unidentified_045_auto
Create hunting rule
Link:
https://www.unpac.me/results/f9cc5c0b-0167-470f-a8c9-7c32e02e6c18/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8bdd3fc67f143159eb3cb3eb5dc0634448145a76604a0615cb2db7fb34127fd7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments