MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a83fcb8454befab866f2ab18871017730bcfc3f690106844f740ebbd8cadd6d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: a83fcb8454befab866f2ab18871017730bcfc3f690106844f740ebbd8cadd6d8
SHA3-384 hash: 8b2fd5a668ccff4923bce0cdb6e6b9dde5d9e12b74480feb3f9ad8b325634a34b228192a5317019633586898039dc52d
SHA1 hash: c4884077dda14fb1ee442c39f31cbc1a505651ac
MD5 hash: 38af588745580e1c5d31d35ec5ec6dd5
humanhash: kentucky-steak-high-solar
File name: 931fdd551975cf30ae02f85a90c5ee22
File size: 220'672 bytes
First seen: 2020-11-17 12:30:08 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: b6272d5ac2d9bb0c2485c8426919667b (1 x Ramnit)
ssdeep: 6144:aP4t6GXEutt8CT8kGeP2AAKnaQpUZ7S3:awt6Puv8COYFaQps8
Threatray: 14 similar samples on MalwareBazaar
TLSH: 3F240222BC62DCF2C89E417548A1DB566E7BD83512B9429B3B6C6B4F4F513D19332323
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 55
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
DNS request
Sending a custom TCP request
Creating a file
Creating a window
Reading critical registry keys
Deleting a recently created file
Replacing files
Launching cmd.exe command interpreter
Launching a process
Stealing user critical data
Threat name: Win32.Trojan.RanumBot
Status: Malicious
First seen: 2020-11-17 12:36:26 UTC
AV detection: 26 of 29 (89.66%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: discovery spyware stealer
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Accesses 2FA software files, possible credential harvesting
Checks installed software on the system
Reads user/profile data of web browsers
Unpacked files
SHA256 hash: a83fcb8454befab866f2ab18871017730bcfc3f690106844f740ebbd8cadd6d8
MD5 hash: 38af588745580e1c5d31d35ec5ec6dd5
SHA1 hash: c4884077dda14fb1ee442c39f31cbc1a505651ac

SHA256 hash: 6c113f9d287a0040a57943dc3a8e4e1849948bef416ad5353edc5224a039bf6e
MD5 hash: 35a9691b3544d70065be69011f23f434
SHA1 hash: 3dea635b492f11c0ff1b45636f81db9b66155a9d
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
