ramnit | fb0ba2f663482572e870512c591e87c605ef211f5e8a3f87e34671bfb2e465f4 | Triage

Submit
Reports

Overview

overview

Static

static

fb0ba2f663...f4.exe

windows7_x64

fb0ba2f663...f4.exe

windows10_x64

Sharing

General

Target

fb0ba2f663482572e870512c591e87c605ef211f5e8a3f87e34671bfb2e465f4
Size

18.1MB
Sample

210513-g6eyhrgnej
MD5

24b6950158373444b274e5acabd87510
SHA1

e91cf0d3eb318b3d2bdddc5452b631f44b682f9d
SHA256

fb0ba2f663482572e870512c591e87c605ef211f5e8a3f87e34671bfb2e465f4
SHA512

29d4a71d938faca70d4ccfab7b2aa7942831dc7a37c1200208cc1dbc0db29a68539ab369f9b816e89f5cc6000d9a49f08334de03ad2490662ab56052912e2bce

Score

10^/10

ramnit banker spyware stealer trojan upx vmprotect worm

Static task

static1

Behavioral task

behavioral1

Sample

fb0ba2f663482572e870512c591e87c605ef211f5e8a3f87e34671bfb2e465f4.exe

Resource

win7v20210410

ramnit banker spyware stealer trojan upx vmprotect worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

fb0ba2f663482572e870512c591e87c605ef211f5e8a3f87e34671bfb2e465f4.exe

Resource

win10v20210408

ramnit banker spyware stealer trojan upx vmprotect worm

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  fb0ba2f663482572e870512c591e87c605ef211f5e8a3f87e34671bfb2e465f4
- Size
  
  18.1MB
- MD5
  
  24b6950158373444b274e5acabd87510
- SHA1
  
  e91cf0d3eb318b3d2bdddc5452b631f44b682f9d
- SHA256
  
  fb0ba2f663482572e870512c591e87c605ef211f5e8a3f87e34671bfb2e465f4
- SHA512
  
  29d4a71d938faca70d4ccfab7b2aa7942831dc7a37c1200208cc1dbc0db29a68539ab369f9b816e89f5cc6000d9a49f08334de03ad2490662ab56052912e2bce
Score

10^/10

ramnit banker spyware stealer trojan upx vmprotect worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxvmprotectworm

behavioral2

ramnitbankerspywarestealertrojanupxvmprotectworm

© 2018-2024

Terms | Privacy