ramnit | 1243c8bfdfe91e45a03aaef3883b4d51cb8d0d2d94eb56c638f71ddb9ceb4ed0 | Triage

Submit
Reports

Overview

overview

Static

static

1243c8bfdf...d0.exe

windows7_x64

1243c8bfdf...d0.exe

windows10-2004_x64

Sharing

General

Target

1243c8bfdfe91e45a03aaef3883b4d51cb8d0d2d94eb56c638f71ddb9ceb4ed0
Size

125KB
Sample

220207-ebkvmafaa9
MD5

8b0a529a292b70ff3bffa0c7dc53ce51
SHA1

554fae342d553049a4b70894d4f29ecc471db321
SHA256

1243c8bfdfe91e45a03aaef3883b4d51cb8d0d2d94eb56c638f71ddb9ceb4ed0
SHA512

dd03ab7d09f985f13149f375c7d3990f61ab9b47efead4691fe22ccdf4b0ffd9902faa8f90ab58c2bb903d8a481e7343ad7da066b825467d9eb606f45635b215

Score

10^/10

ramnit banker evasion spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

1243c8bfdfe91e45a03aaef3883b4d51cb8d0d2d94eb56c638f71ddb9ceb4ed0.exe

Resource

win7-en-20211208

ramnit banker evasion spyware stealer trojan upx worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1243c8bfdfe91e45a03aaef3883b4d51cb8d0d2d94eb56c638f71ddb9ceb4ed0.exe

Resource

win10v2004-en-20220112

ramnit banker evasion spyware stealer trojan upx worm

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  1243c8bfdfe91e45a03aaef3883b4d51cb8d0d2d94eb56c638f71ddb9ceb4ed0
- Size
  
  125KB
- MD5
  
  8b0a529a292b70ff3bffa0c7dc53ce51
- SHA1
  
  554fae342d553049a4b70894d4f29ecc471db321
- SHA256
  
  1243c8bfdfe91e45a03aaef3883b4d51cb8d0d2d94eb56c638f71ddb9ceb4ed0
- SHA512
  
  dd03ab7d09f985f13149f375c7d3990f61ab9b47efead4691fe22ccdf4b0ffd9902faa8f90ab58c2bb903d8a481e7343ad7da066b825467d9eb606f45635b215
Score

10^/10

ramnit banker evasion spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerevasionspywarestealertrojanupxworm

behavioral2

ramnitbankerevasionspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy