ramnit | 67bf11e503343a5478f45c5a0c886c49c56c195c6e281cdac96643a0148d5665 | Triage

Submit
Reports

Overview

overview

Static

static

8

67bf11e503...65.exe

windows7_x64

67bf11e503...65.exe

windows10_x64

Sharing

General

Target

67bf11e503343a5478f45c5a0c886c49c56c195c6e281cdac96643a0148d5665
Size

84KB
Sample

210513-lgtr2hayhe
MD5

3deae285a37790b25414520c94ee3398
SHA1

0fa7f041b388adbd44328f6deac7186a4c0c6547
SHA256

67bf11e503343a5478f45c5a0c886c49c56c195c6e281cdac96643a0148d5665
SHA512

e0a0b8138d8b7f47cea5041322d62b91eb8fe975e5a61599cf2c3b008c9baf2c1e5519f96b86af33c4e9d0c96d2e8c4a741b109ca987cf8fe8ed0874b369a705

Score

10^/10

ramnit banker evasion spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

67bf11e503343a5478f45c5a0c886c49c56c195c6e281cdac96643a0148d5665.exe

Resource

win7v20210408

ramnit banker spyware stealer trojan upx worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

67bf11e503343a5478f45c5a0c886c49c56c195c6e281cdac96643a0148d5665.exe

Resource

win10v20210408

ramnit banker evasion spyware stealer trojan upx worm

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  67bf11e503343a5478f45c5a0c886c49c56c195c6e281cdac96643a0148d5665
- Size
  
  84KB
- MD5
  
  3deae285a37790b25414520c94ee3398
- SHA1
  
  0fa7f041b388adbd44328f6deac7186a4c0c6547
- SHA256
  
  67bf11e503343a5478f45c5a0c886c49c56c195c6e281cdac96643a0148d5665
- SHA512
  
  e0a0b8138d8b7f47cea5041322d62b91eb8fe975e5a61599cf2c3b008c9baf2c1e5519f96b86af33c4e9d0c96d2e8c4a741b109ca987cf8fe8ed0874b369a705
Score

10^/10

ramnit banker spyware stealer trojan upx worm evasion
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Suspicious use of NtCreateProcessExOtherParentProcess
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerevasionspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy