ramnit | 811cf14fef81ba36fdea587e62c8ffdf3e7a9e6e39cbf5e3bb832a48034e24f5 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

811cf14fef...f5.dll

windows7-x64

811cf14fef...f5.dll

windows10-2004-x64

Sharing

General

Target

811cf14fef81ba36fdea587e62c8ffdf3e7a9e6e39cbf5e3bb832a48034e24f5
Size

202KB
Sample

221003-x52dkscea9
MD5

48bc099ccb43ad369f1c40f1685d31b0
SHA1

e0ac25118861257be46dcd1ed97ede8de7a60fa5
SHA256

811cf14fef81ba36fdea587e62c8ffdf3e7a9e6e39cbf5e3bb832a48034e24f5
SHA512

c6b6c56e64c14f25837751201848edc93ed5f17c5060e833137a789af13f4c7589be72ccde9c03d2633e47633a128e412f6576ea380ebc37691fb614dfc20208
SSDEEP

3072:uQ6qrZzgig9FkSYGxdtkpFiNQiXfXqS2E7lqpQtzmoAbL:upqrZfg9FLYOdEFi9X2PQt4b

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

811cf14fef81ba36fdea587e62c8ffdf3e7a9e6e39cbf5e3bb832a48034e24f5.dll

Resource

win7-20220812-en

ramnit banker spyware stealer trojan upx worm

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

811cf14fef81ba36fdea587e62c8ffdf3e7a9e6e39cbf5e3bb832a48034e24f5.dll

Resource

win10v2004-20220812-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  811cf14fef81ba36fdea587e62c8ffdf3e7a9e6e39cbf5e3bb832a48034e24f5
- Size
  
  202KB
- MD5
  
  48bc099ccb43ad369f1c40f1685d31b0
- SHA1
  
  e0ac25118861257be46dcd1ed97ede8de7a60fa5
- SHA256
  
  811cf14fef81ba36fdea587e62c8ffdf3e7a9e6e39cbf5e3bb832a48034e24f5
- SHA512
  
  c6b6c56e64c14f25837751201848edc93ed5f17c5060e833137a789af13f4c7589be72ccde9c03d2633e47633a128e412f6576ea380ebc37691fb614dfc20208
- SSDEEP
  
  3072:uQ6qrZzgig9FkSYGxdtkpFiNQiXfXqS2E7lqpQtzmoAbL:upqrZfg9FLYOdEFi9X2PQt4b
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy