ramnit | 2691942c5687969cd4137c99628fb566377c3cb16ddca078b7ccdcb1332e0b15 | Triage

Submit
Reports

Overview

overview

Static

static

nizanmfts_fr/??.exe

windows7_x64

5

nizanmfts_fr/??.exe

windows10-2004_x64

5

nizanmfts_fr/????.url

windows7_x64

6

nizanmfts_fr/????.url

windows10-2004_x64

6

nizanmfts_...??.url

windows7_x64

6

nizanmfts_...??.url

windows10-2004_x64

6

nizanmfts_fr/load.dll

windows7_x64

nizanmfts_fr/load.dll

windows10-2004_x64

Sharing

General

Target

2691942c5687969cd4137c99628fb566377c3cb16ddca078b7ccdcb1332e0b15
Size

4.3MB
Sample

220616-jxjxnsaabl
MD5

30bab3c67dff0a03cd44399d59b7dd34
SHA1

de65653c8e2b6b75fbdd5ac43e6a150283cb84f5
SHA256

2691942c5687969cd4137c99628fb566377c3cb16ddca078b7ccdcb1332e0b15
SHA512

6d7c174dcd1c10f9557072f1364ee519f9b262059250302fec82bf2501e0c9e5ea5e9e6e426bee865ba5a4e07465a19904d4ec6b53562f745acb168672090774

Score

10^/10

ramnit banker evasion persistence spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

nizanmfts_fr/??.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

nizanmfts_fr/??.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

nizanmfts_fr/????.url

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

nizanmfts_fr/????.url

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral5

Sample

nizanmfts_fr/??????.url

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral6

Sample

nizanmfts_fr/??????.url

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral7

Sample

nizanmfts_fr/load.dll

Resource

win7-20220414-en

ramnit banker spyware stealer trojan upx worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral8

Sample

nizanmfts_fr/load.dll

Resource

win10v2004-20220414-en

ramnit banker spyware stealer trojan upx worm

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  nizanmfts_fr/??.exe
- Size
  
  3.3MB
- MD5
  
  e1997a27641510d0700ccb7cbe11b530
- SHA1
  
  ff6f583f40494250acea810fdb3126356807645c
- SHA256
  
  dd76a68797960e242e385175fc16c0b291374bdd2fcc71a04fcdbc3b17cc86bf
- SHA512
  
  e54dd30c7e761680a12565a4ed74c70c5a82e93968444a4fc66b16491b1606743e9264a18c7a47ec57641c1b24b7353397859575a1bdddb00480778eaac0ea37
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  nizanmfts_fr/????.url
- Size
  
  121B
- MD5
  
  40c8f56ca7896f633de17a04ebc1fb0b
- SHA1
  
  5b06588186b9ea6a66f02d8a90936a4a07e49157
- SHA256
  
  d357c51a3179360536f30b389e45b3892ff3a2d23ff42db7dd2145004ce51bde
- SHA512
  
  83c821dda348104708a8fee97e4822b7af3ee546faf01745f992b3b7b981543a4042ac8bd3429b53ef733b7a00cc7923fc9c9f53f26c57d16f5fe2608216dcb9
Score

6^/10

evasion trojan persistence
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral3 behavioral4
- Target
  
  nizanmfts_fr/??????.url
- Size
  
  219B
- MD5
  
  122e953f3a92541c27cc62db2d9bb0f7
- SHA1
  
  5c85d98b4bce0daac9631297ddb00b005161d131
- SHA256
  
  5bf9390d32df4da5ddb91425fc5002768a85305964a8e0cb8eda391b4b6511dd
- SHA512
  
  77240964186d2e9c9c73ed6bf13edccaeb40c0d8cbf477080c9a40a76d044964330e97421e4b45818bfbb2688e6bfaf6720a52f2efdd3b944f3624b1b5767583
Score

6^/10

evasion trojan persistence
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral5 behavioral6
- Target
  
  nizanmfts_fr/load.dll
- Size
  
  3.7MB
- MD5
  
  bfdd804c8e727b5ca53fd6d859a9975a
- SHA1
  
  23e0aaf72c3d10374942d58d42bcf5e35be2a92e
- SHA256
  
  57bc0df44cdd059fb169f6754d1065d9f639d8c78f126fe4f3acc7a9811841e5
- SHA512
  
  b851d60b2a7e60526a4006a25090d282bbef88064c8fb4bb59159cc3672af4ac93ee50cc0c68072f93555efab83723da38444918302a5e4c95fff57da525d929
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

ramnitbankerspywarestealertrojanupxworm

behavioral8

ramnitbankerspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy