ramnit | 950da158619b3a37e4c0f0be34c39482afdce6d8aa92703ea9cf5ddd487049e9 | Triage

Submit
Reports

Overview

overview

Static

static

8

GdtBpFKY.exe

windows7_x64

GdtBpFKY.exe

windows10-2004_x64

Resubmissions

09-03-2022 14:47

220309-r5zxvsccap 10

09-03-2022 14:43

220309-r3pzwacbgk 10

Sharing

General

Target

GdtBpFKY.exe
Size

140KB
Sample

220309-r3pzwacbgk
MD5

bfac768f9ad7d29ec91a0288f4b5f479
SHA1

ff3240c04aa6778dfc4fa2c2eec505c0fb52acac
SHA256

950da158619b3a37e4c0f0be34c39482afdce6d8aa92703ea9cf5ddd487049e9
SHA512

6fa181b5aa88216d49e24576cff35cd5ce4f1ed11d3ec3d6539125d699c421f79dc755b4383e6d6ccf1657d21ee4aa9364f6785ef870e2863b93fa3885f07289

Score

10^/10

ramnit banker evasion spyware stealer suricata trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

GdtBpFKY.exe

Resource

win7-en-20211208

ramnit banker spyware stealer trojan upx worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

GdtBpFKY.exe

Resource

win10v2004-en-20220112

ramnit banker evasion spyware stealer suricata trojan upx worm

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  GdtBpFKY.exe
- Size
  
  140KB
- MD5
  
  bfac768f9ad7d29ec91a0288f4b5f479
- SHA1
  
  ff3240c04aa6778dfc4fa2c2eec505c0fb52acac
- SHA256
  
  950da158619b3a37e4c0f0be34c39482afdce6d8aa92703ea9cf5ddd487049e9
- SHA512
  
  6fa181b5aa88216d49e24576cff35cd5ce4f1ed11d3ec3d6539125d699c421f79dc755b4383e6d6ccf1657d21ee4aa9364f6785ef870e2863b93fa3885f07289
Score

10^/10

ramnit banker spyware stealer trojan upx worm evasion suricata
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- suricata: ET MALWARE Known Hostile Domain ilo.brenz .pl Lookup
  suricata: ET MALWARE Known Hostile Domain ilo.brenz .pl Lookup
  suricata
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerevasionspywarestealersuricatatrojanupxworm

© 2018-2024

Terms | Privacy