ramnit | 280e875558885b3a82fc5c4a4f0d25c16f6ab412c9d855053ca2bceb38b5a667 | Triage

Submit
Reports

Overview

overview

Static

static

280e875558...67.exe

windows7-x64

280e875558...67.exe

windows10-2004-x64

Sharing

General

Target

280e875558885b3a82fc5c4a4f0d25c16f6ab412c9d855053ca2bceb38b5a667
Size

7.5MB
Sample

221028-2j257safdr
MD5

ba351f8b5c47b70eee91328f2bc2345b
SHA1

94b4eb2cbab81d9d6b2883bf96ade2cebc3157cb
SHA256

280e875558885b3a82fc5c4a4f0d25c16f6ab412c9d855053ca2bceb38b5a667
SHA512

2a80ce863e5a037d58d618a6da9ef17a1dab86f23191348e49e4985999d3fc86cb30d3ec123d43654a4637e2ec53c21204df8141768945c206806a4f1ccf5bb6
SSDEEP

196608:3XnJBzfmUJZhtsZythv8GLvm0ITvrLU/defgZE:3XnTDxr3D6jLU/w9

Score

10^/10

ramnit rms banker rat spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

280e875558885b3a82fc5c4a4f0d25c16f6ab412c9d855053ca2bceb38b5a667.exe

Resource

win7-20220901-en

ramnit rms banker rat spyware stealer trojan upx worm

windows7-x64

23 signatures

150 seconds

Behavioral task

behavioral2

Sample

280e875558885b3a82fc5c4a4f0d25c16f6ab412c9d855053ca2bceb38b5a667.exe

Resource

win10v2004-20220901-en

ramnit rms banker rat spyware stealer trojan upx worm

windows10-2004-x64

26 signatures

150 seconds

Malware Config

Targets

- Target
  
  280e875558885b3a82fc5c4a4f0d25c16f6ab412c9d855053ca2bceb38b5a667
- Size
  
  7.5MB
- MD5
  
  ba351f8b5c47b70eee91328f2bc2345b
- SHA1
  
  94b4eb2cbab81d9d6b2883bf96ade2cebc3157cb
- SHA256
  
  280e875558885b3a82fc5c4a4f0d25c16f6ab412c9d855053ca2bceb38b5a667
- SHA512
  
  2a80ce863e5a037d58d618a6da9ef17a1dab86f23191348e49e4985999d3fc86cb30d3ec123d43654a4637e2ec53c21204df8141768945c206806a4f1ccf5bb6
- SSDEEP
  
  196608:3XnJBzfmUJZhtsZythv8GLvm0ITvrLU/defgZE:3XnTDxr3D6jLU/w9
Score

10^/10

ramnit rms banker rat spyware stealer trojan upx worm
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Blocklisted process makes network request
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ramnitrmsbankerratspywarestealertrojanupxworm

behavioral2

ramnitrmsbankerratspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy