MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cdbc54f3e2f91b4402096a585879d8fac004adfbc790ff94f86abf7ba19399b8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Ramnit


Vendor detections: 3



SHA256 hash: cdbc54f3e2f91b4402096a585879d8fac004adfbc790ff94f86abf7ba19399b8
SHA3-384 hash: cbc2d0ac347c9dccdfc81ea66f125f1ba3e492c80a89e3c3d45e2b4fe5df66d7230b795eb58df114e5b8d02deed3539d
SHA1 hash: 1354adbab8a20e5cf26f52f7b5dd7252a0e070e8
MD5 hash: 05c9b414ae26940bb49d5bb4a70e517a
humanhash: montana-edward-pennsylvania-finch
File name: cdbc54f3e2f91b4402096a585879d8fac004adfbc790ff94f86abf7ba19399b8
Signature: Ramnit
File size: 127'321 bytes
First seen: 2020-11-07 19:29:46 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: b2e50cc60a521158b3ea2d099cbea42b (1 x Ramnit)
ssdeep: 3072:0B+Tl0en09fuCkURXw5WyATCYlAXuCEAk7Qip6Ja8VXd:0Pw5GCYl7CSQipml
Threatray: 3 similar samples on MalwareBazaar
TLSH: 6DC3CFD0D6BFC815E861AD326BBF1301283B9D2FE5E876A1CF700D510A34C5957AE729
Reporter: seifreed
Tags: ramnit

Intelligence


File Origin
# of uploads: 1
# of downloads: 588
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the Windows subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Searching for the window
Gathering data
Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
