ramnit | b201033f28361af6fd7baeaa5f1e90635198cda68a27f81d7c2baa9f667842bf | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

b201033f28...bf.dll

windows7-x64

b201033f28...bf.dll

windows10-2004-x64

Sharing

General

Target

b201033f28361af6fd7baeaa5f1e90635198cda68a27f81d7c2baa9f667842bf
Size

691KB
Sample

221030-c5sffshhhl
MD5

a2fb9029d34ba7ab009c79f11b519580
SHA1

67534234e28e24857c9f622e20a2f41b311e4cac
SHA256

b201033f28361af6fd7baeaa5f1e90635198cda68a27f81d7c2baa9f667842bf
SHA512

df87748ef041414f88ff705fb7faa794dbaa04d90e324a093f8d68223560b82f7a9c43d099fe3ef42637ccddbc694ea7027ff19ffde4a3984b85b28f9efed8f5
SSDEEP

12288:rNIyZN4+Wv4PLq6Okrh9ZN/hs9DsdSx+R0:r9TPmirh9Zdh6/i0

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

b201033f28361af6fd7baeaa5f1e90635198cda68a27f81d7c2baa9f667842bf.dll

Resource

win7-20220812-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

b201033f28361af6fd7baeaa5f1e90635198cda68a27f81d7c2baa9f667842bf.dll

Resource

win10v2004-20220901-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  b201033f28361af6fd7baeaa5f1e90635198cda68a27f81d7c2baa9f667842bf
- Size
  
  691KB
- MD5
  
  a2fb9029d34ba7ab009c79f11b519580
- SHA1
  
  67534234e28e24857c9f622e20a2f41b311e4cac
- SHA256
  
  b201033f28361af6fd7baeaa5f1e90635198cda68a27f81d7c2baa9f667842bf
- SHA512
  
  df87748ef041414f88ff705fb7faa794dbaa04d90e324a093f8d68223560b82f7a9c43d099fe3ef42637ccddbc694ea7027ff19ffde4a3984b85b28f9efed8f5
- SSDEEP
  
  12288:rNIyZN4+Wv4PLq6Okrh9ZN/hs9DsdSx+R0:r9TPmirh9Zdh6/i0
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy