ramnit | 3254e607ab3c9a7874d4ff1bb1f1755cc2b300b5b36d4542a7ea0307aa3455ea | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3254e607ab...ea.dll

windows7-x64

3254e607ab...ea.dll

windows10-2004-x64

Sharing

General

Target

3254e607ab3c9a7874d4ff1bb1f1755cc2b300b5b36d4542a7ea0307aa3455ea
Size

396KB
Sample

221106-z8rdwsedfj
MD5

0ca705755a800563cc8b7ea2e4fe4040
SHA1

d1d6b3fbc7807ae7a6fb64e673911324fe0c7eec
SHA256

3254e607ab3c9a7874d4ff1bb1f1755cc2b300b5b36d4542a7ea0307aa3455ea
SHA512

7479c1338ae93ad5d59b2bd76b22af0e453322caf0c0634695c6ebe852448abab0373367db95b89f119832f69019db806de938596418794d237c67703306721a
SSDEEP

12288:iGy4ZRxlsgwvkruUMDtmF7dCLftDV1KG:nvxls/vkruUMDIF7qDj

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

3254e607ab3c9a7874d4ff1bb1f1755cc2b300b5b36d4542a7ea0307aa3455ea.dll

Resource

win7-20220812-en

ramnit banker spyware stealer trojan upx worm

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

3254e607ab3c9a7874d4ff1bb1f1755cc2b300b5b36d4542a7ea0307aa3455ea.dll

Resource

win10v2004-20220812-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  3254e607ab3c9a7874d4ff1bb1f1755cc2b300b5b36d4542a7ea0307aa3455ea
- Size
  
  396KB
- MD5
  
  0ca705755a800563cc8b7ea2e4fe4040
- SHA1
  
  d1d6b3fbc7807ae7a6fb64e673911324fe0c7eec
- SHA256
  
  3254e607ab3c9a7874d4ff1bb1f1755cc2b300b5b36d4542a7ea0307aa3455ea
- SHA512
  
  7479c1338ae93ad5d59b2bd76b22af0e453322caf0c0634695c6ebe852448abab0373367db95b89f119832f69019db806de938596418794d237c67703306721a
- SSDEEP
  
  12288:iGy4ZRxlsgwvkruUMDtmF7dCLftDV1KG:nvxls/vkruUMDIF7qDj
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy