ramnit | 0eac8023f7f98d02be864e0a0e04b98237caba618635ea8db98b20e79526c9ad | Triage

Submit
Reports

Overview

overview

Static

static

0eac8023f7...ad.dll

windows7-x64

0eac8023f7...ad.dll

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

0eac8023f7f98d02be864e0a0e04b98237caba618635ea8db98b20e79526c9ad
Size

436KB
Sample

221029-v6x2fagcd4
MD5

8481ba4dc48607484e7b6fc3f8c989d5
SHA1

a2fb92290d332487853108ff9e2b662497ed497f
SHA256

0eac8023f7f98d02be864e0a0e04b98237caba618635ea8db98b20e79526c9ad
SHA512

9ed899abb2c55c02c0b397f05fc58c4c117647f9a33331c2ffbeb71938ee78932e388c55b03234d523b76757439fe5d69f4431a5279384b77e19b1596ffc13c2
SSDEEP

12288:5lVvN1QWguohInJDrn8zwNF7eCrANFe+1hI:z2Sxrn80NF77ANE

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

0eac8023f7f98d02be864e0a0e04b98237caba618635ea8db98b20e79526c9ad.dll

Resource

win7-20220901-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

0eac8023f7f98d02be864e0a0e04b98237caba618635ea8db98b20e79526c9ad.dll

Resource

win10v2004-20220812-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  0eac8023f7f98d02be864e0a0e04b98237caba618635ea8db98b20e79526c9ad
- Size
  
  436KB
- MD5
  
  8481ba4dc48607484e7b6fc3f8c989d5
- SHA1
  
  a2fb92290d332487853108ff9e2b662497ed497f
- SHA256
  
  0eac8023f7f98d02be864e0a0e04b98237caba618635ea8db98b20e79526c9ad
- SHA512
  
  9ed899abb2c55c02c0b397f05fc58c4c117647f9a33331c2ffbeb71938ee78932e388c55b03234d523b76757439fe5d69f4431a5279384b77e19b1596ffc13c2
- SSDEEP
  
  12288:5lVvN1QWguohInJDrn8zwNF7eCrANFe+1hI:z2Sxrn80NF77ANE
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

© 2018-2025

Terms | Privacy