ramnit | cdf8b75723e16332f7e2f2706cf28c290776f009b87e3ab9b3de9d728d7d5f34 | Triage

Submit
Reports

Overview

overview

Static

static

cdf8b75723...34.exe

windows7-x64

cdf8b75723...34.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

cdf8b75723e16332f7e2f2706cf28c290776f009b87e3ab9b3de9d728d7d5f34
Size

242KB
Sample

221106-ze1qgadbep
MD5

07660cfe85837aba37684ce3723cb7b7
SHA1

1de4535b105c4f3fdc9ee9d7611c5b17ae36ab87
SHA256

cdf8b75723e16332f7e2f2706cf28c290776f009b87e3ab9b3de9d728d7d5f34
SHA512

75463a6155a783544cb82b89e82dbfb35203be0df00d1f73a23eebad2f673329513e97ba845374a43de6f68ea2a2743c76c543d71fe4ef7667e15387ba829129
SSDEEP

3072:enxwgxgfR/DVG7wBpEh1cFjhmA/+TZeRsWrVCAg107ODGDfaXgDKii+tOE0L6XMM:W+xDVG0BpCSaK+3WrA5u6IfaXg3H0GB

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

cdf8b75723e16332f7e2f2706cf28c290776f009b87e3ab9b3de9d728d7d5f34.exe

Resource

win7-20220812-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

cdf8b75723e16332f7e2f2706cf28c290776f009b87e3ab9b3de9d728d7d5f34.exe

Resource

win10v2004-20220812-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  cdf8b75723e16332f7e2f2706cf28c290776f009b87e3ab9b3de9d728d7d5f34
- Size
  
  242KB
- MD5
  
  07660cfe85837aba37684ce3723cb7b7
- SHA1
  
  1de4535b105c4f3fdc9ee9d7611c5b17ae36ab87
- SHA256
  
  cdf8b75723e16332f7e2f2706cf28c290776f009b87e3ab9b3de9d728d7d5f34
- SHA512
  
  75463a6155a783544cb82b89e82dbfb35203be0df00d1f73a23eebad2f673329513e97ba845374a43de6f68ea2a2743c76c543d71fe4ef7667e15387ba829129
- SSDEEP
  
  3072:enxwgxgfR/DVG7wBpEh1cFjhmA/+TZeRsWrVCAg107ODGDfaXgDKii+tOE0L6XMM:W+xDVG0BpCSaK+3WrA5u6IfaXg3H0GB
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy