ramnit | 0dee353f6f444308b83d9be0f0d1a49db6b9b35962c0afd5a785ef2cbc018d78 | Triage

Submit
Reports

Overview

overview

Static

static

8

0dee353f6f...78.exe

windows7_x64

0dee353f6f...78.exe

windows10-2004_x64

Sharing

General

Target

0dee353f6f444308b83d9be0f0d1a49db6b9b35962c0afd5a785ef2cbc018d78
Size

107KB
Sample

220629-a98l5adfdp
MD5

0a7135dfdb1bd11de9ce5b3f18fc24af
SHA1

7b3afbbc6d639ec0419be1ce9f7d27e3978db290
SHA256

0dee353f6f444308b83d9be0f0d1a49db6b9b35962c0afd5a785ef2cbc018d78
SHA512

dd88227dd1cee7f28ec5a9c287f2ca28cc4f08b771618ab48b2cbe4f0cad579e45b58d73ab2243e4e45c54c57ec601ce9766ff43a10130dacc40228600b9f66d

Score

10^/10

ramnit banker evasion spyware stealer suricata trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

0dee353f6f444308b83d9be0f0d1a49db6b9b35962c0afd5a785ef2cbc018d78.exe

Resource

win7-20220414-en

ramnit banker spyware stealer suricata trojan upx worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0dee353f6f444308b83d9be0f0d1a49db6b9b35962c0afd5a785ef2cbc018d78.exe

Resource

win10v2004-20220414-en

ramnit banker evasion spyware stealer suricata trojan upx worm

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  0dee353f6f444308b83d9be0f0d1a49db6b9b35962c0afd5a785ef2cbc018d78
- Size
  
  107KB
- MD5
  
  0a7135dfdb1bd11de9ce5b3f18fc24af
- SHA1
  
  7b3afbbc6d639ec0419be1ce9f7d27e3978db290
- SHA256
  
  0dee353f6f444308b83d9be0f0d1a49db6b9b35962c0afd5a785ef2cbc018d78
- SHA512
  
  dd88227dd1cee7f28ec5a9c287f2ca28cc4f08b771618ab48b2cbe4f0cad579e45b58d73ab2243e4e45c54c57ec601ce9766ff43a10130dacc40228600b9f66d
Score

10^/10

ramnit banker spyware stealer suricata trojan upx worm evasion
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- suricata: ET MALWARE Known Hostile Domain ilo.brenz .pl Lookup
  suricata: ET MALWARE Known Hostile Domain ilo.brenz .pl Lookup
  suricata
- suricata: ET MALWARE Win32.ServStart.D Checkin
  suricata: ET MALWARE Win32.ServStart.D Checkin
  suricata
- suricata: ET MALWARE [PTsecurity] Botnet Nitol.B Checkin
  suricata: ET MALWARE [PTsecurity] Botnet Nitol.B Checkin
  suricata
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealersuricatatrojanupxworm

behavioral2

ramnitbankerevasionspywarestealersuricatatrojanupxworm

© 2018-2024

Terms | Privacy