ramnit | 1a2c13d0e014cdc2591606ba42657b114feacca068761033c44d53ca3947790c | Triage

Submit
Reports

Overview

overview

Static

static

8

b3f1e0cd49...e0.exe

windows7_x64

b3f1e0cd49...e0.exe

windows10_x64

Sharing

General

Target

6180947397607424.zip
Size

112KB
Sample

210720-bhyw8vgm72
MD5

ae7a31e7de68396bce81ac674be9180b
SHA1

56940b7137f8d01897e35221e0798e7820185447
SHA256

1a2c13d0e014cdc2591606ba42657b114feacca068761033c44d53ca3947790c
SHA512

6da570cc4a0915cebec40e74768f18b521bf9a0e17e3267d10024fe39b4ce7c9fb40cf4868e556cb46b36308d38dad68ee161e14d11e4d7809547f80a4599c72

Score

10^/10

ramnit banker evasion spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

b3f1e0cd49aebc345b64fee6ecc1f77596e381fd61395dfcb767988400cebce0.exe

Resource

win7v20210410

ramnit banker spyware stealer trojan upx worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b3f1e0cd49aebc345b64fee6ecc1f77596e381fd61395dfcb767988400cebce0.exe

Resource

win10v20210408

ramnit banker evasion spyware stealer trojan upx worm

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  b3f1e0cd49aebc345b64fee6ecc1f77596e381fd61395dfcb767988400cebce0
- Size
  
  121KB
- MD5
  
  8ef6d1b777a8a7cf38d53dbfa6cf4406
- SHA1
  
  b63213fd42929c5f7aafe0b61f3e017ab3bbbdfc
- SHA256
  
  b3f1e0cd49aebc345b64fee6ecc1f77596e381fd61395dfcb767988400cebce0
- SHA512
  
  04d1e6fe2016a89dba0eb0ea65feadc2c35ca4f126b91efe01f90b7f37e9bfb941bc4a9a32aa37099705dca7c228167fcac6da96d6d2473cd44b9533f0493a62
Score

10^/10

ramnit banker spyware stealer trojan upx worm evasion
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerevasionspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy