ramnit | 9af414175d1a699f426f5c071c691a560633db47b8d59c9f53298a6eebb206a6 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

9af414175d...a6.exe

windows7-x64

9af414175d...a6.exe

windows10-2004-x64

Sharing

General

Target

9af414175d1a699f426f5c071c691a560633db47b8d59c9f53298a6eebb206a6
Size

888KB
Sample

221030-vprhbsbcc4
MD5

82e29f4581342f7d18464fe7935bb600
SHA1

e0220e5ba3023f2fb42c2f9d379b809c3f2f7aca
SHA256

9af414175d1a699f426f5c071c691a560633db47b8d59c9f53298a6eebb206a6
SHA512

2ad530c75edc9c62b15ae1384b4c7f1a7b83d7407bab08ba580d540e1f09c423beda98006b1b3931447c82d78b783860e43541e545f2a206f70d78a153a1134e
SSDEEP

12288:VHATf2ycdFG9+krC8MIvumXdw9eDuUltBeDuUlVEtEvVxpbN:Va2ycPU+krC8tWAw+yxpbN

Score

10^/10

ramnit banker evasion persistence spyware stealer trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

9af414175d1a699f426f5c071c691a560633db47b8d59c9f53298a6eebb206a6.exe

Resource

win7-20220812-en

ramnit banker evasion persistence spyware stealer trojan worm

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

9af414175d1a699f426f5c071c691a560633db47b8d59c9f53298a6eebb206a6.exe

Resource

win10v2004-20220812-en

ramnit banker spyware stealer trojan worm

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  9af414175d1a699f426f5c071c691a560633db47b8d59c9f53298a6eebb206a6
- Size
  
  888KB
- MD5
  
  82e29f4581342f7d18464fe7935bb600
- SHA1
  
  e0220e5ba3023f2fb42c2f9d379b809c3f2f7aca
- SHA256
  
  9af414175d1a699f426f5c071c691a560633db47b8d59c9f53298a6eebb206a6
- SHA512
  
  2ad530c75edc9c62b15ae1384b4c7f1a7b83d7407bab08ba580d540e1f09c423beda98006b1b3931447c82d78b783860e43541e545f2a206f70d78a153a1134e
- SSDEEP
  
  12288:VHATf2ycdFG9+krC8MIvumXdw9eDuUltBeDuUlVEtEvVxpbN:Va2ycPU+krC8tWAw+yxpbN
Score

10^/10

ramnit banker evasion persistence spyware stealer trojan worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerevasionpersistencespywarestealertrojanworm

behavioral2

ramnitbankerspywarestealertrojanworm

© 2018-2025

Terms | Privacy