ramnit | dab6a6d06595504920e4b8df3ed14906e84b23cf705391a1dc095bcb24155d94 | Triage

Submit
Reports

Overview

overview

Static

static

8

dab6a6d065...94.exe

windows7_x64

dab6a6d065...94.exe

windows10_x64

Sharing

General

Target

dab6a6d06595504920e4b8df3ed14906e84b23cf705391a1dc095bcb24155d94
Size

300KB
Sample

210516-wwn3c3wejs
MD5

890fde4a1d65e04af6deb530fc7abb9c
SHA1

b77256ee6cc61e0775a6f44286b43484ee9deeff
SHA256

dab6a6d06595504920e4b8df3ed14906e84b23cf705391a1dc095bcb24155d94
SHA512

231dfc841600a1e8fd8639d4cf838fa3df75a39cc008996b51d2f7ede93a8ae60cabe57957158d635f811c30b27a655104cfe11326cb3c82a89b16699555e44a

Score

10^/10

ramnit banker evasion spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

dab6a6d06595504920e4b8df3ed14906e84b23cf705391a1dc095bcb24155d94.exe

Resource

win7v20210410

ramnit banker spyware stealer trojan upx worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

dab6a6d06595504920e4b8df3ed14906e84b23cf705391a1dc095bcb24155d94.exe

Resource

win10v20210410

ramnit banker evasion spyware stealer trojan upx worm

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  dab6a6d06595504920e4b8df3ed14906e84b23cf705391a1dc095bcb24155d94
- Size
  
  300KB
- MD5
  
  890fde4a1d65e04af6deb530fc7abb9c
- SHA1
  
  b77256ee6cc61e0775a6f44286b43484ee9deeff
- SHA256
  
  dab6a6d06595504920e4b8df3ed14906e84b23cf705391a1dc095bcb24155d94
- SHA512
  
  231dfc841600a1e8fd8639d4cf838fa3df75a39cc008996b51d2f7ede93a8ae60cabe57957158d635f811c30b27a655104cfe11326cb3c82a89b16699555e44a
Score

10^/10

ramnit banker spyware stealer trojan upx worm evasion
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerevasionspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy