ramnit | dbc9a216e6457567616a854849145fc1cd86af59a48075809b4d278745d4065d | Triage

Submit
Reports

Overview

overview

Static

static

tmp/c36f19...an.exe

windows7_x64

tmp/c36f19...an.exe

windows10_x64

Sharing

General

Target

tmp/c36f194f-9efd-4039-8ea6-914732dc7232_dan.exe
Size

352KB
Sample

211218-vh137agccl
MD5

494206b5526d9a9510bc92bcbbeda072
SHA1

bbd0832ab4767705fe5fe55ddbd8049ebd678f8c
SHA256

dbc9a216e6457567616a854849145fc1cd86af59a48075809b4d278745d4065d
SHA512

d4eb8870f80afbe43fc919769533f817fa156e464ef00c1e4cca8132eec43558057e13ebf67b0f3e8167c69757e91d32fe1fcb22bbd26d8cf412860cb16cd416

Score

10^/10

ramnit banker evasion spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

tmp/c36f194f-9efd-4039-8ea6-914732dc7232_dan.exe

Resource

win7-en-20211208

ramnit banker spyware stealer trojan upx worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

tmp/c36f194f-9efd-4039-8ea6-914732dc7232_dan.exe

Resource

win10-en-20211208

ramnit banker evasion spyware stealer trojan upx worm

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  tmp/c36f194f-9efd-4039-8ea6-914732dc7232_dan.exe
- Size
  
  352KB
- MD5
  
  494206b5526d9a9510bc92bcbbeda072
- SHA1
  
  bbd0832ab4767705fe5fe55ddbd8049ebd678f8c
- SHA256
  
  dbc9a216e6457567616a854849145fc1cd86af59a48075809b4d278745d4065d
- SHA512
  
  d4eb8870f80afbe43fc919769533f817fa156e464ef00c1e4cca8132eec43558057e13ebf67b0f3e8167c69757e91d32fe1fcb22bbd26d8cf412860cb16cd416
Score

10^/10

ramnit banker spyware stealer trojan upx worm evasion
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerevasionspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy