ramnit | 6a6b9ff593989a2e4f556b2a009433e81d22e32938a1b6bf4da7250b13979a93 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

6a6b9ff593...93.exe

windows7-x64

6a6b9ff593...93.exe

windows10-2004-x64

Sharing

General

Target

6a6b9ff593989a2e4f556b2a009433e81d22e32938a1b6bf4da7250b13979a93
Size

285KB
Sample

221106-v64tzsfgbq
MD5

081ec593cc5f1c00573a2cd37b099a6c
SHA1

65743adea5bce8863e606ca9b9353f4d6daf72c1
SHA256

6a6b9ff593989a2e4f556b2a009433e81d22e32938a1b6bf4da7250b13979a93
SHA512

f8f5860b74bf2e6d2bad536c69b5e19e79b57a2e91169b68f6e045d8ef6b4a96d402793732d495844e7ce6a5373903a439703977d9c7332e2c16bb962dd02313
SSDEEP

3072:AnnAQVG/LytaKItS/fiLKS+f5Aq7i5HKIdVdFDh0P5kyhg5sSZovvh6RyeSQuz3y:8OTeHI8HiL7+f5H8XG5BgiDvZ6uz

Score

10^/10

ramnit banker evasion spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

6a6b9ff593989a2e4f556b2a009433e81d22e32938a1b6bf4da7250b13979a93.exe

Resource

win7-20220901-en

ramnit banker spyware stealer trojan upx worm

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

6a6b9ff593989a2e4f556b2a009433e81d22e32938a1b6bf4da7250b13979a93.exe

Resource

win10v2004-20220901-en

ramnit banker evasion spyware stealer trojan upx worm

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  6a6b9ff593989a2e4f556b2a009433e81d22e32938a1b6bf4da7250b13979a93
- Size
  
  285KB
- MD5
  
  081ec593cc5f1c00573a2cd37b099a6c
- SHA1
  
  65743adea5bce8863e606ca9b9353f4d6daf72c1
- SHA256
  
  6a6b9ff593989a2e4f556b2a009433e81d22e32938a1b6bf4da7250b13979a93
- SHA512
  
  f8f5860b74bf2e6d2bad536c69b5e19e79b57a2e91169b68f6e045d8ef6b4a96d402793732d495844e7ce6a5373903a439703977d9c7332e2c16bb962dd02313
- SSDEEP
  
  3072:AnnAQVG/LytaKItS/fiLKS+f5Aq7i5HKIdVdFDh0P5kyhg5sSZovvh6RyeSQuz3y:8OTeHI8HiL7+f5H8XG5BgiDvZ6uz
Score

10^/10

ramnit banker spyware stealer trojan upx worm evasion
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerevasionspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy