ramnit | d58482d9af4f9b69008295ba2684f0b249a699162e44319a74cab4cba3a77266 | Triage

Submit
Reports

Overview

overview

Static

static

5

d58482d9af...66.exe

windows7_x64

d58482d9af...66.exe

windows10-2004_x64

Sharing

General

Target

d58482d9af4f9b69008295ba2684f0b249a699162e44319a74cab4cba3a77266
Size

3.3MB
Sample

220525-bfy19shecl
MD5

29ec167f930bbf8256a66463872ff525
SHA1

4acb67568804342520d71aed66d3d4fc0feac49e
SHA256

d58482d9af4f9b69008295ba2684f0b249a699162e44319a74cab4cba3a77266
SHA512

63c1418dd42618f84d68c3fb74356f97f94b1734ee4e28df63dae1632b8a16eef120017070e824ff496aca11ebade6636f6fa7ef52481a3fba258d9005a3886b

Score

10^/10

ramnit banker bootkit discovery evasion persistence spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

d58482d9af4f9b69008295ba2684f0b249a699162e44319a74cab4cba3a77266.exe

Resource

win7-20220414-en

ramnit banker bootkit discovery evasion persistence spyware stealer trojan upx worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d58482d9af4f9b69008295ba2684f0b249a699162e44319a74cab4cba3a77266.exe

Resource

win10v2004-20220414-en

ramnit banker bootkit discovery persistence spyware stealer trojan upx worm

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  d58482d9af4f9b69008295ba2684f0b249a699162e44319a74cab4cba3a77266
- Size
  
  3.3MB
- MD5
  
  29ec167f930bbf8256a66463872ff525
- SHA1
  
  4acb67568804342520d71aed66d3d4fc0feac49e
- SHA256
  
  d58482d9af4f9b69008295ba2684f0b249a699162e44319a74cab4cba3a77266
- SHA512
  
  63c1418dd42618f84d68c3fb74356f97f94b1734ee4e28df63dae1632b8a16eef120017070e824ff496aca11ebade6636f6fa7ef52481a3fba258d9005a3886b
Score

10^/10

ramnit banker bootkit discovery evasion persistence spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

File Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ramnitbankerbootkitdiscoveryevasionpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerbootkitdiscoverypersistencespywarestealertrojanupxworm

© 2018-2024

Terms | Privacy