ramnit | 9b47736b2f4f8e1d6910e70fcfa845f63546c675b0caed7b9cfb9132cca799f5 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

9b47736b2f...f5.dll

windows7-x64

9b47736b2f...f5.dll

windows10-2004-x64

Sharing

General

Target

9b47736b2f4f8e1d6910e70fcfa845f63546c675b0caed7b9cfb9132cca799f5
Size

108KB
Sample

221003-x3szescdhk
MD5

3cabefb4a81088fdda796ff198beccd0
SHA1

59db5334f5a24f2d985dafabbd1e669b74a8210e
SHA256

9b47736b2f4f8e1d6910e70fcfa845f63546c675b0caed7b9cfb9132cca799f5
SHA512

3c7c6665554c59418855de1bb58ca6aeb146827cbff073d715d9deed6f26db7f67852655285b550ac7d45a8676362001782d4948eab3e27deef494c3191a2613
SSDEEP

1536:aXFJ2ISYygC4JtYhYjMgTfX7tKg8PwOr/xrVC6lRwUhQmoFcWpciliUjp:a3PS2MgTfLtKg8B9YuwUhloFcWpcili

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

9b47736b2f4f8e1d6910e70fcfa845f63546c675b0caed7b9cfb9132cca799f5.dll

Resource

win7-20220812-en

ramnit banker spyware stealer trojan upx worm

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

9b47736b2f4f8e1d6910e70fcfa845f63546c675b0caed7b9cfb9132cca799f5.dll

Resource

win10v2004-20220812-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  9b47736b2f4f8e1d6910e70fcfa845f63546c675b0caed7b9cfb9132cca799f5
- Size
  
  108KB
- MD5
  
  3cabefb4a81088fdda796ff198beccd0
- SHA1
  
  59db5334f5a24f2d985dafabbd1e669b74a8210e
- SHA256
  
  9b47736b2f4f8e1d6910e70fcfa845f63546c675b0caed7b9cfb9132cca799f5
- SHA512
  
  3c7c6665554c59418855de1bb58ca6aeb146827cbff073d715d9deed6f26db7f67852655285b550ac7d45a8676362001782d4948eab3e27deef494c3191a2613
- SSDEEP
  
  1536:aXFJ2ISYygC4JtYhYjMgTfX7tKg8PwOr/xrVC6lRwUhQmoFcWpciliUjp:a3PS2MgTfLtKg8B9YuwUhloFcWpcili
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy