ramnit | 537b464463db98847e22ff6a54a743a5b18936ae70fb3ce30b68fd99608fc925 | Triage

Submit
Reports

Overview

overview

Static

static

hxjyxichao...??.exe

windows7-x64

hxjyxichao...??.exe

windows10-2004-x64

hxjyxichao...??.url

windows7-x64

6

hxjyxichao...??.url

windows10-2004-x64

6

Sharing

General

Target

537b464463db98847e22ff6a54a743a5b18936ae70fb3ce30b68fd99608fc925
Size

1.7MB
Sample

220716-3rjt9sfcb8
MD5

61718ad0ee107ae9a5c86b5db779d2f9
SHA1

f9017f8eaacdeb57c1a20ca0e676ae2fa4a5a594
SHA256

537b464463db98847e22ff6a54a743a5b18936ae70fb3ce30b68fd99608fc925
SHA512

bdb3835c58863bc6f5f6894bd12fb3238332f0c9e1cd3800d594e770e35962197746e03f7aa466f48202a0b8df70c1fcaf4a4b80d8d009596e838cb76db9f6ce

Score

10^/10

ramnit banker evasion persistence spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

hxjyxichaofz_fr/4399????????V0.0.1???/4399????????V0.0.1???.exe

Resource

win7-20220715-en

ramnit banker spyware stealer trojan upx worm

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

hxjyxichaofz_fr/4399????????V0.0.1???/4399????????V0.0.1???.exe

Resource

win10v2004-20220715-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral3

Sample

hxjyxichaofz_fr/4399????????V0.0.1???/??????.url

Resource

win7-20220715-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral4

Sample

hxjyxichaofz_fr/4399????????V0.0.1???/??????.url

Resource

win10v2004-20220414-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  hxjyxichaofz_fr/4399????????V0.0.1???/4399????????V0.0.1???.exe
- Size
  
  2.8MB
- MD5
  
  9c0f64ecb81964a02ef3bca47cae0512
- SHA1
  
  97251897685aef198daf28540e94d9174be86a83
- SHA256
  
  e2fbbe0e594af10e363af9ee0356ee5051a62a96bf56d85e83a37cd380e7c9a0
- SHA512
  
  2a4bf49866cb4f64dfb538afd753e439f2b6a9a5e04075cfd8150899be5af2425f877eb209760e18551f97df07182accda9e2b97d5186444ec5bce5bab5847b3
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  hxjyxichaofz_fr/4399????????V0.0.1???/??????.url
- Size
  
  219B
- MD5
  
  122e953f3a92541c27cc62db2d9bb0f7
- SHA1
  
  5c85d98b4bce0daac9631297ddb00b005161d131
- SHA256
  
  5bf9390d32df4da5ddb91425fc5002768a85305964a8e0cb8eda391b4b6511dd
- SHA512
  
  77240964186d2e9c9c73ed6bf13edccaeb40c0d8cbf477080c9a40a76d044964330e97421e4b45818bfbb2688e6bfaf6720a52f2efdd3b944f3624b1b5767583
Score

6^/10

evasion trojan persistence
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

behavioral3

behavioral4

© 2018-2024

Terms | Privacy