ramnit | 120f5ac0d690b703449d67472e63560a5b2e076df856d6c7429768654c0a0430 | Triage

Submit
Reports

Overview

overview

Static

static

120f5ac0d6...30.dll

windows7-x64

120f5ac0d6...30.dll

windows10-2004-x64

Sharing

General

Target

120f5ac0d690b703449d67472e63560a5b2e076df856d6c7429768654c0a0430
Size

335KB
Sample

221030-db82saheb9
MD5

a323279438874e630ee2a31972a024b0
SHA1

51287ec93d526d75e87ba435ee3ccb6754a2d445
SHA256

120f5ac0d690b703449d67472e63560a5b2e076df856d6c7429768654c0a0430
SHA512

6119c414ae96bc587660b3ed499c145328960637fc870a5c676bd2040acec5cf05cedb2d81d4f949189f3a4cbae3b399042f3aeb1168048b61fefd75486acdad
SSDEEP

6144:exGMku94XCzTurXzURlbDC9K69u2m+SqOWcsQQKiY4leDDGoggH/VREG6j4Gm01b:exGCOXzURlbDC9K69u2m+SqOWcsQQKiz

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

120f5ac0d690b703449d67472e63560a5b2e076df856d6c7429768654c0a0430.dll

Resource

win7-20220812-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

120f5ac0d690b703449d67472e63560a5b2e076df856d6c7429768654c0a0430.dll

Resource

win10v2004-20220812-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  120f5ac0d690b703449d67472e63560a5b2e076df856d6c7429768654c0a0430
- Size
  
  335KB
- MD5
  
  a323279438874e630ee2a31972a024b0
- SHA1
  
  51287ec93d526d75e87ba435ee3ccb6754a2d445
- SHA256
  
  120f5ac0d690b703449d67472e63560a5b2e076df856d6c7429768654c0a0430
- SHA512
  
  6119c414ae96bc587660b3ed499c145328960637fc870a5c676bd2040acec5cf05cedb2d81d4f949189f3a4cbae3b399042f3aeb1168048b61fefd75486acdad
- SSDEEP
  
  6144:exGMku94XCzTurXzURlbDC9K69u2m+SqOWcsQQKiY4leDDGoggH/VREG6j4Gm01b:exGCOXzURlbDC9K69u2m+SqOWcsQQKiz
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy