ramnit | 09ff356818f8b41d3c538a7648bb2ea5971cd54c8a2959d3c04a42867555fbe5 | Triage

Submit
Reports

Overview

overview

Static

static

09ff356818...e5.exe

windows7_x64

09ff356818...e5.exe

windows10_x64

Sharing

General

Target

09ff356818f8b41d3c538a7648bb2ea5971cd54c8a2959d3c04a42867555fbe5
Size

390KB
Sample

210515-gzcabwmh1j
MD5

4ac3edd36979050ed63490ca4d64d558
SHA1

965d34311d79c178187c215fbc22ffae3d89f2fd
SHA256

09ff356818f8b41d3c538a7648bb2ea5971cd54c8a2959d3c04a42867555fbe5
SHA512

e4fa7ffd6433784ecf5e0e484faa2f2bdc86ff538b39028c619949f9450873c35fe3fa8915755b4cef29ee41206ef3f60aa64da0427a60ce54fc4ee32406f1fb

Score

10^/10

ramnit banker evasion spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

09ff356818f8b41d3c538a7648bb2ea5971cd54c8a2959d3c04a42867555fbe5.exe

Resource

win7v20210410

ramnit banker spyware stealer trojan upx worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

09ff356818f8b41d3c538a7648bb2ea5971cd54c8a2959d3c04a42867555fbe5.exe

Resource

win10v20210410

ramnit banker evasion spyware stealer trojan upx worm

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  09ff356818f8b41d3c538a7648bb2ea5971cd54c8a2959d3c04a42867555fbe5
- Size
  
  390KB
- MD5
  
  4ac3edd36979050ed63490ca4d64d558
- SHA1
  
  965d34311d79c178187c215fbc22ffae3d89f2fd
- SHA256
  
  09ff356818f8b41d3c538a7648bb2ea5971cd54c8a2959d3c04a42867555fbe5
- SHA512
  
  e4fa7ffd6433784ecf5e0e484faa2f2bdc86ff538b39028c619949f9450873c35fe3fa8915755b4cef29ee41206ef3f60aa64da0427a60ce54fc4ee32406f1fb
Score

10^/10

ramnit banker spyware stealer trojan upx worm evasion
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerevasionspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy