ramnit | a1335376041cdfcab9c8620eed3639502efe31194d96424ef96c403fc895c6c0 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

a133537604...c0.exe

windows7-x64

a133537604...c0.exe

windows10-2004-x64

Sharing

General

Target

a1335376041cdfcab9c8620eed3639502efe31194d96424ef96c403fc895c6c0
Size

1.4MB
Sample

221106-znbspsbcg3
MD5

1a2f54c41cd250b09ef510d050edf1d0
SHA1

c902dfcce97b2a5aa9314c2e48372c7efd11b203
SHA256

a1335376041cdfcab9c8620eed3639502efe31194d96424ef96c403fc895c6c0
SHA512

95170bae682b14e9d72eda149218f5a2a8281aa5ca3060d23e45a1b505dd4e2c2af7ddb475b8820a66dbe4d9ea0283373076cead0cb2e35248ac0eb451074c02
SSDEEP

24576:1WLe3ALgHOiGxSdVRudb0RX3owL1PvXlTZOTSpS/e7+6Px+LTGJOp:1WHLjCRG0RX1OTSpS/e7Bp+LTGJO

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

a1335376041cdfcab9c8620eed3639502efe31194d96424ef96c403fc895c6c0.exe

Resource

win7-20220901-en

ramnit banker spyware stealer trojan upx worm

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

a1335376041cdfcab9c8620eed3639502efe31194d96424ef96c403fc895c6c0.exe

Resource

win10v2004-20220812-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  a1335376041cdfcab9c8620eed3639502efe31194d96424ef96c403fc895c6c0
- Size
  
  1.4MB
- MD5
  
  1a2f54c41cd250b09ef510d050edf1d0
- SHA1
  
  c902dfcce97b2a5aa9314c2e48372c7efd11b203
- SHA256
  
  a1335376041cdfcab9c8620eed3639502efe31194d96424ef96c403fc895c6c0
- SHA512
  
  95170bae682b14e9d72eda149218f5a2a8281aa5ca3060d23e45a1b505dd4e2c2af7ddb475b8820a66dbe4d9ea0283373076cead0cb2e35248ac0eb451074c02
- SSDEEP
  
  24576:1WLe3ALgHOiGxSdVRudb0RX3owL1PvXlTZOTSpS/e7+6Px+LTGJOp:1WHLjCRG0RX1OTSpS/e7Bp+LTGJO
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy