ramnit | 337de1739b18e91de064e9f50fa0eb5552afe069012812b6ce29be3b96dcd341 | Triage

Submit
Reports

Overview

overview

Static

static

337de1739b...41.exe

windows7_x64

337de1739b...41.exe

windows10_x64

Sharing

General

Target

337de1739b18e91de064e9f50fa0eb5552afe069012812b6ce29be3b96dcd341
Size

494KB
Sample

210515-er6vp4n292
MD5

46ccdac4f0bbc0b6c8a411db9b058644
SHA1

5e69d0047113d4939cb909f5db0700f9e843ba44
SHA256

337de1739b18e91de064e9f50fa0eb5552afe069012812b6ce29be3b96dcd341
SHA512

292b5ce3c7aba52a53fc756489dd82d48d93891334265478c1a4ace98c18cbc4ee1622e3889f8a9e783c7655585327769e7b28721edd5ff4c31ede206eb16a89

Score

10^/10

ramnit banker evasion spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

337de1739b18e91de064e9f50fa0eb5552afe069012812b6ce29be3b96dcd341.exe

Resource

win7v20210410

ramnit banker spyware stealer trojan upx worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

337de1739b18e91de064e9f50fa0eb5552afe069012812b6ce29be3b96dcd341.exe

Resource

win10v20210408

ramnit banker evasion spyware stealer trojan upx worm

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  337de1739b18e91de064e9f50fa0eb5552afe069012812b6ce29be3b96dcd341
- Size
  
  494KB
- MD5
  
  46ccdac4f0bbc0b6c8a411db9b058644
- SHA1
  
  5e69d0047113d4939cb909f5db0700f9e843ba44
- SHA256
  
  337de1739b18e91de064e9f50fa0eb5552afe069012812b6ce29be3b96dcd341
- SHA512
  
  292b5ce3c7aba52a53fc756489dd82d48d93891334265478c1a4ace98c18cbc4ee1622e3889f8a9e783c7655585327769e7b28721edd5ff4c31ede206eb16a89
Score

10^/10

ramnit banker spyware stealer trojan upx worm evasion
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerevasionspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy