ramnit | a93ec4cc60524de7fe715e21888fe699fb6ed4d4c3d0ee773535243311be56ed | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

a93ec4cc60...ed.exe

windows7-x64

a93ec4cc60...ed.exe

windows10-2004-x64

Sharing

General

Target

a93ec4cc60524de7fe715e21888fe699fb6ed4d4c3d0ee773535243311be56ed
Size

297KB
Sample

221121-mlvrksae6v
MD5

2e435b0a45e2b6de09b49b1a6ebe9a70
SHA1

a4b1b9bbebe54f6ca070962c9f96143f1cb72d2f
SHA256

a93ec4cc60524de7fe715e21888fe699fb6ed4d4c3d0ee773535243311be56ed
SHA512

f46c5fa6613afb7e49018ceec781604ad3e013344630fb27f8752cab7f9bbb8372f88f07cf97cf07819e486cad75b629914cc0f6e7f24801449f17b0a7148036
SSDEEP

6144:j+xDVG0BpAComW1hh51lHEKSoWE5jlVUAF:Sa0BmComCHE65jAy

Score

10^/10

ramnit banker evasion spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

a93ec4cc60524de7fe715e21888fe699fb6ed4d4c3d0ee773535243311be56ed.exe

Resource

win7-20221111-en

ramnit banker spyware stealer trojan upx worm

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

a93ec4cc60524de7fe715e21888fe699fb6ed4d4c3d0ee773535243311be56ed.exe

Resource

win10v2004-20221111-en

ramnit banker evasion spyware stealer trojan upx worm

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  a93ec4cc60524de7fe715e21888fe699fb6ed4d4c3d0ee773535243311be56ed
- Size
  
  297KB
- MD5
  
  2e435b0a45e2b6de09b49b1a6ebe9a70
- SHA1
  
  a4b1b9bbebe54f6ca070962c9f96143f1cb72d2f
- SHA256
  
  a93ec4cc60524de7fe715e21888fe699fb6ed4d4c3d0ee773535243311be56ed
- SHA512
  
  f46c5fa6613afb7e49018ceec781604ad3e013344630fb27f8752cab7f9bbb8372f88f07cf97cf07819e486cad75b629914cc0f6e7f24801449f17b0a7148036
- SSDEEP
  
  6144:j+xDVG0BpAComW1hh51lHEKSoWE5jlVUAF:Sa0BmComCHE65jAy
Score

10^/10

ramnit banker spyware stealer trojan upx worm evasion
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerevasionspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy