ramnit | 314082c909a94ccd11372aedfc8f7ccfc00cb234003ff66934d3e517f63a37c6 | Triage

Submit
Reports

Overview

overview

Static

static

314082c909...c6.exe

windows7_x64

314082c909...c6.exe

windows10-2004_x64

Sharing

General

Target

314082c909a94ccd11372aedfc8f7ccfc00cb234003ff66934d3e517f63a37c6
Size

330KB
Sample

220205-fwttpsgggn
MD5

d3674fb64e76d37df3c1348228bba39c
SHA1

fab2e0855c412f224fb75115a084dc689b1a3dc2
SHA256

314082c909a94ccd11372aedfc8f7ccfc00cb234003ff66934d3e517f63a37c6
SHA512

7285002b30727bb68410c500aea1f8fd359325480b0e4eadbad1d5a88c7b39a8b4d505a56b29a632b3ee4627d4dd7c7fd73bece79da8e78eed4c3a9a546f2b96

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

314082c909a94ccd11372aedfc8f7ccfc00cb234003ff66934d3e517f63a37c6.exe

Resource

win7-en-20211208

ramnit banker spyware stealer trojan upx worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

314082c909a94ccd11372aedfc8f7ccfc00cb234003ff66934d3e517f63a37c6.exe

Resource

win10v2004-en-20220112

ramnit banker persistence spyware stealer trojan upx worm

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  314082c909a94ccd11372aedfc8f7ccfc00cb234003ff66934d3e517f63a37c6
- Size
  
  330KB
- MD5
  
  d3674fb64e76d37df3c1348228bba39c
- SHA1
  
  fab2e0855c412f224fb75115a084dc689b1a3dc2
- SHA256
  
  314082c909a94ccd11372aedfc8f7ccfc00cb234003ff66934d3e517f63a37c6
- SHA512
  
  7285002b30727bb68410c500aea1f8fd359325480b0e4eadbad1d5a88c7b39a8b4d505a56b29a632b3ee4627d4dd7c7fd73bece79da8e78eed4c3a9a546f2b96
Score

10^/10

ramnit banker spyware stealer trojan upx worm persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Sets service image path in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerpersistencespywarestealertrojanupxworm

© 2018-2024

Terms | Privacy