ramnit | 2eb52465f0bb9e6b47743d99d6c9ef71b6623bd73af95381c12e268d30630a4b | Triage

Sharing

General

Target

2eb52465f0bb9e6b47743d99d6c9ef71b6623bd73af95381c12e268d30630a4b
Size

191KB
Sample

220622-h4z2sschd6
MD5

d65954ecfc969928cdfd32f883d25751
SHA1

a943447d15357773a4ad35d37bb1d4ad04cab1b4
SHA256

2eb52465f0bb9e6b47743d99d6c9ef71b6623bd73af95381c12e268d30630a4b
SHA512

277d287bb69e2052204eee00474ae645d036b7de49e12a2a1b49e16fb1896977b662f3fd0ab723274c2846e9f28e51e6bbda5691f87f797347fa13115f3e11e0

Score

10^/10

ramnit ��banker spyware stealer trojan worm

Malware Config

Extracted

Family

ramnit

Botnet

��

C2

google.com:443

Attributes

campaign_timestamp
1.537806959e+09
compile_timestamp
1.537806137e+09
dga_seed
2.53879977e+09
listen_port
0
num_dga_domains
100

xor.base64

rc4.plain

rsa_pubkey.base64

Targets

- Target
  
  2eb52465f0bb9e6b47743d99d6c9ef71b6623bd73af95381c12e268d30630a4b
- Size
  
  191KB
- MD5
  
  d65954ecfc969928cdfd32f883d25751
- SHA1
  
  a943447d15357773a4ad35d37bb1d4ad04cab1b4
- SHA256
  
  2eb52465f0bb9e6b47743d99d6c9ef71b6623bd73af95381c12e268d30630a4b
- SHA512
  
  277d287bb69e2052204eee00474ae645d036b7de49e12a2a1b49e16fb1896977b662f3fd0ab723274c2846e9f28e51e6bbda5691f87f797347fa13115f3e11e0
Score

10^/10

ramnit ��banker spyware stealer trojan worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

ramnit��bankerspywarestealertrojanworm

behavioral2

ramnit��bankerspywarestealertrojanworm