ramnit | 53b012f50264df3a5d5ba81f9db53c7e3fed433830300313631a56b1cd795e73 | Triage

Submit
Reports

Overview

overview

Static

static

8

aa4b253d32...34.exe

windows7-x64

aa4b253d32...34.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

aa4b253d3237c02a17c7da57de94c434
Size

186KB
Sample

220920-vc87lsdhd9
MD5

aa4b253d3237c02a17c7da57de94c434
SHA1

90db2aa0ba4ba9e7b49c104550189dc88db2759e
SHA256

53b012f50264df3a5d5ba81f9db53c7e3fed433830300313631a56b1cd795e73
SHA512

2672bbfccd450a6992909f0a64079de785765351f47642c91d7b283567abc9addbdbb125892ad291ebb10c9e24129e2a58d000714a34fe39a063ad49f88b0a9a
SSDEEP

3072:IZx8gJscuAnU+JYoutueXl6BHfBGoVwqq29gvryVq98JD:m2AsnAnUJoScB4oVwh2qvryXD

Score

10^/10

ramnit banker evasion persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

aa4b253d3237c02a17c7da57de94c434.exe

Resource

win7-20220812-en

ramnit banker evasion persistence spyware stealer trojan upx worm

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

aa4b253d3237c02a17c7da57de94c434.exe

Resource

win10v2004-20220812-en

ramnit banker evasion persistence spyware stealer trojan upx worm

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  aa4b253d3237c02a17c7da57de94c434
- Size
  
  186KB
- MD5
  
  aa4b253d3237c02a17c7da57de94c434
- SHA1
  
  90db2aa0ba4ba9e7b49c104550189dc88db2759e
- SHA256
  
  53b012f50264df3a5d5ba81f9db53c7e3fed433830300313631a56b1cd795e73
- SHA512
  
  2672bbfccd450a6992909f0a64079de785765351f47642c91d7b283567abc9addbdbb125892ad291ebb10c9e24129e2a58d000714a34fe39a063ad49f88b0a9a
- SSDEEP
  
  3072:IZx8gJscuAnU+JYoutueXl6BHfBGoVwqq29gvryVq98JD:m2AsnAnUJoScB4oVwh2qvryXD
Score

10^/10

ramnit banker evasion persistence spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Drops file in Drivers directory
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerevasionpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerevasionpersistencespywarestealertrojanupxworm

© 2018-2025

Terms | Privacy