MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f76cdea564963e2d2eb5c87d6545dee27bb560cfec5b60e05ebd7947ceda5f8d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Worm.Ramnit


Vendor detections: 6



SHA256 hash: f76cdea564963e2d2eb5c87d6545dee27bb560cfec5b60e05ebd7947ceda5f8d
SHA3-384 hash: 7704c25ba993769d4ef49f6f83ec65305ab13e45af73ab540f0b42298be637c44fa4e4c41c913aca2e688a7d296f10fc
SHA1 hash: 72c96cbaab203877747175db3614e8a579cdb83c
MD5 hash: 62eeb6df4874586be0ffd2fbde94f324
humanhash: alabama-delta-green-bulldog
File name: ad528eb946b3cb49d22d497f884a42e5
Signature: Worm.Ramnit
File size: 324'096 bytes
First seen: 2020-11-17 14:04:53 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: cf436b2d8382be2acb3225554d5da2ff (30 x Jadtre, 17 x Wapomi, 4 x Worm.Ramnit)
ssdeep: 3072:ufUvFljhRhs3Dw4dcWukhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh:ufUvW3DRdcdF
Threatray: 1'381 similar samples on MalwareBazaar
TLSH: 37644E437781E67FCDD0CC3660C6B46BC59A2F638A077460A162BF7A4673452E9CBA13
Reporter: seifreed
Tags: Worm.Ramnit

Intelligence


File Origin
# of uploads: 1
# of downloads: 91
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a window
Changing an executable file
DNS request
Modifying an executable file
Creating a file
Running batch commands
Creating a process with a hidden window
Connection attempt to an infection source
Infecting executable files
Threat name: Win32.Virus.Wapomi
Status: Malicious
First seen: 2020-11-17 14:05:28 UTC
AV detection: 25 of 29 (86.21%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: aspackv2
Behaviour
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Loads dropped DLL
ASPack v2.12-2.42
Executes dropped EXE
Unpacked files
SHA256 hash: f76cdea564963e2d2eb5c87d6545dee27bb560cfec5b60e05ebd7947ceda5f8d
MD5 hash: 62eeb6df4874586be0ffd2fbde94f324
SHA1 hash: 72c96cbaab203877747175db3614e8a579cdb83c

SHA256 hash: f9ceabcb5bf9df2ee7c4c2aec43892313ca7b18ab210f06698d495a006410e9f
MD5 hash: e204dc6e6765728f2ca3e2e7c3bbcf71
SHA1 hash: 0bb115a84b40ecf12cb4a0d7881f7820effb1062
Detections: win_unidentified_045_g0, win_unidentified_045_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other
