ramnit | 64b1bfcdf6ce49a3aa04f770477240febd03bddfd19de4e533e5a3eb5ba05eac | Triage

Submit
Reports

Overview

overview

Static

static

64b1bfcdf6...ac.exe

windows7-x64

64b1bfcdf6...ac.exe

windows10-2004-x64

Sharing

General

Target

64b1bfcdf6ce49a3aa04f770477240febd03bddfd19de4e533e5a3eb5ba05eac
Size

490KB
Sample

221030-27byxsfbdm
MD5

a16cc610dec8f49ece698e64750de090
SHA1

56fd8a3fc76a26d2e4c228fcf383450f0e8af48b
SHA256

64b1bfcdf6ce49a3aa04f770477240febd03bddfd19de4e533e5a3eb5ba05eac
SHA512

d8ea9e3754918793d6f468055a84ceb61767885f36f0998ceaabbc7a51c7b95f417112838c2acd6bd9ff5de60d097409bf5ed0e302e63d727b967d77c05a42f5
SSDEEP

12288:ma0BGMCI+p8deJkwZJjNk3YssSq0wbRy/u:mjGDWw1jNk3aXRy2

Score

10^/10

ramnit banker evasion spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

64b1bfcdf6ce49a3aa04f770477240febd03bddfd19de4e533e5a3eb5ba05eac.exe

Resource

win7-20220812-en

ramnit banker spyware stealer trojan upx worm

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

64b1bfcdf6ce49a3aa04f770477240febd03bddfd19de4e533e5a3eb5ba05eac.exe

Resource

win10v2004-20220812-en

ramnit banker evasion spyware stealer trojan upx worm

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  64b1bfcdf6ce49a3aa04f770477240febd03bddfd19de4e533e5a3eb5ba05eac
- Size
  
  490KB
- MD5
  
  a16cc610dec8f49ece698e64750de090
- SHA1
  
  56fd8a3fc76a26d2e4c228fcf383450f0e8af48b
- SHA256
  
  64b1bfcdf6ce49a3aa04f770477240febd03bddfd19de4e533e5a3eb5ba05eac
- SHA512
  
  d8ea9e3754918793d6f468055a84ceb61767885f36f0998ceaabbc7a51c7b95f417112838c2acd6bd9ff5de60d097409bf5ed0e302e63d727b967d77c05a42f5
- SSDEEP
  
  12288:ma0BGMCI+p8deJkwZJjNk3YssSq0wbRy/u:mjGDWw1jNk3aXRy2
Score

10^/10

ramnit banker spyware stealer trojan upx worm evasion
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Drops file in Drivers directory
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerevasionspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy