ramnit | 34c30797a9be382cf26eab6e73f43b9635f6a5bc23b667207d489ab5ae50adfd | Triage

Submit
Reports

Overview

overview

Static

static

34c30797a9...fd.exe

windows7_x64

34c30797a9...fd.exe

windows10_x64

Sharing

General

Target

34c30797a9be382cf26eab6e73f43b9635f6a5bc23b667207d489ab5ae50adfd
Size

464KB
Sample

210515-smgdwq6e2n
MD5

655d8239ee74f2b0f3864fd40db619db
SHA1

5e774ae154b092b7540d69a16e0e799ade49c083
SHA256

34c30797a9be382cf26eab6e73f43b9635f6a5bc23b667207d489ab5ae50adfd
SHA512

c178c3b7b1c29c044040d9a3ac6780cd9533282d7a5052272f3697f3f95720a4e3c9751a55fca13e6a826b23683f79678479f4187d369d43efb376eb657f3760

Score

10^/10

ramnit banker evasion spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

34c30797a9be382cf26eab6e73f43b9635f6a5bc23b667207d489ab5ae50adfd.exe

Resource

win7v20210410

ramnit banker spyware stealer trojan upx worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

34c30797a9be382cf26eab6e73f43b9635f6a5bc23b667207d489ab5ae50adfd.exe

Resource

win10v20210410

ramnit banker evasion spyware stealer trojan upx worm

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  34c30797a9be382cf26eab6e73f43b9635f6a5bc23b667207d489ab5ae50adfd
- Size
  
  464KB
- MD5
  
  655d8239ee74f2b0f3864fd40db619db
- SHA1
  
  5e774ae154b092b7540d69a16e0e799ade49c083
- SHA256
  
  34c30797a9be382cf26eab6e73f43b9635f6a5bc23b667207d489ab5ae50adfd
- SHA512
  
  c178c3b7b1c29c044040d9a3ac6780cd9533282d7a5052272f3697f3f95720a4e3c9751a55fca13e6a826b23683f79678479f4187d369d43efb376eb657f3760
Score

10^/10

ramnit banker spyware stealer trojan upx worm evasion
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerevasionspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy