ramnit | 4e707c27c365409032b8081092276d83498149589fa42c52271febbc5682bc81 | Triage

Submit
Reports

Overview

overview

Static

static

%E5%88%9B%...B6.exe

windows7_x64

%E5%88%9B%...B6.exe

windows10-2004_x64

Sharing

General

Target

%E5%88%9B%E8%BE%89%E4%BC%81%E4%B8%9A%E5%90%8D%E5%BD%95%E4%BF%A1%E6%81%AF%E6%90%9C%E7%B4%A2%E8%BD%AF%E4%BB%B6.exe
Size

968KB
Sample

220519-b8r4esbfhq
MD5

b002b1aef58889242163dba60b7d6a47
SHA1

360b5a679662061f20778d12a668ceb204179f00
SHA256

4e707c27c365409032b8081092276d83498149589fa42c52271febbc5682bc81
SHA512

ccdf7add0ccc3a9c9b8a98683a04deaa1fa5197a4002276f92bc303042a1c824cbd80706d5522d676fc907f7625673d2d8ae3a4c945be3fb62bdf92dfa185ec7

Score

10^/10

ramnit banker bootkit persistence spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

%E5%88%9B%E8%BE%89%E4%BC%81%E4%B8%9A%E5%90%8D%E5%BD%95%E4%BF%A1%E6%81%AF%E6%90%9C%E7%B4%A2%E8%BD%AF%E4%BB%B6.exe

Resource

win7-20220414-en

ramnit banker spyware stealer trojan upx worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

%E5%88%9B%E8%BE%89%E4%BC%81%E4%B8%9A%E5%90%8D%E5%BD%95%E4%BF%A1%E6%81%AF%E6%90%9C%E7%B4%A2%E8%BD%AF%E4%BB%B6.exe

Resource

win10v2004-20220414-en

ramnit banker bootkit persistence spyware stealer trojan upx worm

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  %E5%88%9B%E8%BE%89%E4%BC%81%E4%B8%9A%E5%90%8D%E5%BD%95%E4%BF%A1%E6%81%AF%E6%90%9C%E7%B4%A2%E8%BD%AF%E4%BB%B6.exe
- Size
  
  968KB
- MD5
  
  b002b1aef58889242163dba60b7d6a47
- SHA1
  
  360b5a679662061f20778d12a668ceb204179f00
- SHA256
  
  4e707c27c365409032b8081092276d83498149589fa42c52271febbc5682bc81
- SHA512
  
  ccdf7add0ccc3a9c9b8a98683a04deaa1fa5197a4002276f92bc303042a1c824cbd80706d5522d676fc907f7625673d2d8ae3a4c945be3fb62bdf92dfa185ec7
Score

10^/10

ramnit banker spyware stealer trojan upx worm bootkit persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerbootkitpersistencespywarestealertrojanupxworm

© 2018-2024

Terms | Privacy