ramnit | 57fe1cd8ecd2ae5d4958a23d095d70eb7d12962a75c4a96b06a06fce5b374142 | Triage

Submit
Reports

Overview

overview

Static

static

57fe1cd8ec...42.dll

windows7-x64

57fe1cd8ec...42.dll

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

57fe1cd8ecd2ae5d4958a23d095d70eb7d12962a75c4a96b06a06fce5b374142
Size

2.4MB
Sample

221121-m2afksff23
MD5

09d7366768dbd47e18b36207d7c7c50c
SHA1

8ad6942197b45293fa6ec4e6d051fc8ed7a6cc95
SHA256

57fe1cd8ecd2ae5d4958a23d095d70eb7d12962a75c4a96b06a06fce5b374142
SHA512

4fb3b9f9b25e07c36ab657453a22e2711cb849412cc112209ce0b2aeda6c7d77f32bde5bab5945ce78fc1b261ca1007ff35c5b6160621851c96afe5441bec9e4
SSDEEP

49152:rU3U+ZYmxjpv7x4GFM/+b8dTMNh9Wr73h7NXSWEqNJO5hYTVMCRisKEOe4:riU2YmxjpDx4Zo8dYNh9q73h7NXYkRit

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

57fe1cd8ecd2ae5d4958a23d095d70eb7d12962a75c4a96b06a06fce5b374142.dll

Resource

win7-20220812-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

57fe1cd8ecd2ae5d4958a23d095d70eb7d12962a75c4a96b06a06fce5b374142.dll

Resource

win10v2004-20220812-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  57fe1cd8ecd2ae5d4958a23d095d70eb7d12962a75c4a96b06a06fce5b374142
- Size
  
  2.4MB
- MD5
  
  09d7366768dbd47e18b36207d7c7c50c
- SHA1
  
  8ad6942197b45293fa6ec4e6d051fc8ed7a6cc95
- SHA256
  
  57fe1cd8ecd2ae5d4958a23d095d70eb7d12962a75c4a96b06a06fce5b374142
- SHA512
  
  4fb3b9f9b25e07c36ab657453a22e2711cb849412cc112209ce0b2aeda6c7d77f32bde5bab5945ce78fc1b261ca1007ff35c5b6160621851c96afe5441bec9e4
- SSDEEP
  
  49152:rU3U+ZYmxjpv7x4GFM/+b8dTMNh9Wr73h7NXSWEqNJO5hYTVMCRisKEOe4:riU2YmxjpDx4Zo8dYNh9q73h7NXYkRit
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy