ramnit | 7f3893ca8a8823f52d0d9885afa5efed6ff5f689202e00d75ca98f283661caf8 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7f3893ca8a...f8.dll

windows7-x64

7f3893ca8a...f8.dll

windows10-2004-x64

Sharing

General

Target

7f3893ca8a8823f52d0d9885afa5efed6ff5f689202e00d75ca98f283661caf8
Size

640KB
Sample

221106-ztpazsbfb8
MD5

0ded733cc0a7040e28c4be0178a12910
SHA1

9d11daa466a2b6d3c84fbc4c8af2d1407ae93df9
SHA256

7f3893ca8a8823f52d0d9885afa5efed6ff5f689202e00d75ca98f283661caf8
SHA512

b94ba50f9670182fc431f49e3121ab33dd6d169d1604ee15d349537a63ab53696122e47bcfa7d277ce6f62a63eebcddd292a5ee2750c0fb18261e072ccf3b615
SSDEEP

12288:lkTNnabKPWWH2bfCQrSO5AjzcCWdhTQ7ob3JMrhcrHzNjHThb:STR2KPl2zCQrSDjzcCWIA3JwcTRV

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

7f3893ca8a8823f52d0d9885afa5efed6ff5f689202e00d75ca98f283661caf8.dll

Resource

win7-20220812-en

ramnit banker spyware stealer trojan upx worm

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

7f3893ca8a8823f52d0d9885afa5efed6ff5f689202e00d75ca98f283661caf8.dll

Resource

win10v2004-20220901-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  7f3893ca8a8823f52d0d9885afa5efed6ff5f689202e00d75ca98f283661caf8
- Size
  
  640KB
- MD5
  
  0ded733cc0a7040e28c4be0178a12910
- SHA1
  
  9d11daa466a2b6d3c84fbc4c8af2d1407ae93df9
- SHA256
  
  7f3893ca8a8823f52d0d9885afa5efed6ff5f689202e00d75ca98f283661caf8
- SHA512
  
  b94ba50f9670182fc431f49e3121ab33dd6d169d1604ee15d349537a63ab53696122e47bcfa7d277ce6f62a63eebcddd292a5ee2750c0fb18261e072ccf3b615
- SSDEEP
  
  12288:lkTNnabKPWWH2bfCQrSO5AjzcCWdhTQ7ob3JMrhcrHzNjHThb:STR2KPl2zCQrSDjzcCWIA3JwcTRV
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy