ramnit | edb7e30476d2981f6e978379400380078e5e2882e9b42913fda2ddb25db32b29 | Triage

Submit
Reports

Overview

overview

Static

static

edb7e30476...29.exe

windows7_x64

edb7e30476...29.exe

windows10-2004_x64

Sharing

General

Target

edb7e30476d2981f6e978379400380078e5e2882e9b42913fda2ddb25db32b29
Size

310KB
Sample

220707-hbb49seeeq
MD5

f5d7b6e170969331cc4601e073651108
SHA1

5b495c7b68d8caa158d6b68b8ceda18ec8fbc0c2
SHA256

edb7e30476d2981f6e978379400380078e5e2882e9b42913fda2ddb25db32b29
SHA512

db872c7d705b22e0c4050aa7e626c8271151d6a149f3a1389e2f34a31f5a61d54e0ed46f79f5f1c4bd58a54fcf752d5b28ff2232b3a7bafa220bfdddd848ed0a

Score

10^/10

ramnit banker evasion spyware stealer suricata trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

edb7e30476d2981f6e978379400380078e5e2882e9b42913fda2ddb25db32b29.exe

Resource

win7-20220414-en

ramnit banker spyware stealer trojan upx worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

edb7e30476d2981f6e978379400380078e5e2882e9b42913fda2ddb25db32b29.exe

Resource

win10v2004-20220414-en

ramnit banker evasion spyware stealer suricata trojan upx worm

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  edb7e30476d2981f6e978379400380078e5e2882e9b42913fda2ddb25db32b29
- Size
  
  310KB
- MD5
  
  f5d7b6e170969331cc4601e073651108
- SHA1
  
  5b495c7b68d8caa158d6b68b8ceda18ec8fbc0c2
- SHA256
  
  edb7e30476d2981f6e978379400380078e5e2882e9b42913fda2ddb25db32b29
- SHA512
  
  db872c7d705b22e0c4050aa7e626c8271151d6a149f3a1389e2f34a31f5a61d54e0ed46f79f5f1c4bd58a54fcf752d5b28ff2232b3a7bafa220bfdddd848ed0a
Score

10^/10

ramnit banker spyware stealer trojan upx worm evasion suricata
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- suricata: ET MALWARE Known Hostile Domain ilo.brenz .pl Lookup
  suricata: ET MALWARE Known Hostile Domain ilo.brenz .pl Lookup
  suricata
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerevasionspywarestealersuricatatrojanupxworm

© 2018-2024

Terms | Privacy