ramnit | e32ab7cabe965e4c4228c3ecb9a67dff169295bddb56d34789a34f7bdf8e4529 | Triage

Submit
Reports

Overview

overview

Static

static

e32ab7cabe...29.exe

windows7-x64

e32ab7cabe...29.exe

windows10-2004-x64

Sharing

General

Target

e32ab7cabe965e4c4228c3ecb9a67dff169295bddb56d34789a34f7bdf8e4529
Size

252KB
Sample

221123-tarn4sde35
MD5

43bd08991f7824b978d998ab7a9b0600
SHA1

5e1ae02400e5854c87781a3547e143d31d85312c
SHA256

e32ab7cabe965e4c4228c3ecb9a67dff169295bddb56d34789a34f7bdf8e4529
SHA512

cd353c7f7104b6dc58a75c4c0a52b049fcc61ccdf6eba923d6f3539584c8ea7f2905bda01cc344f0d9dc579932ae317cef9e0699f1c0614c74dd6a2e54c68d80
SSDEEP

3072:mR2xn3k0CdM1vabyzJYWqaH87onClrA42s8Y/DH8CBDKQ4soITntOOzs1lEaX:mR2J0LS6VdAClrA42ZYrN2Q4ctOOojEM

Score

10^/10

ramnit sality backdoor banker evasion persistence spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

e32ab7cabe965e4c4228c3ecb9a67dff169295bddb56d34789a34f7bdf8e4529.exe

Resource

win7-20220812-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

e32ab7cabe965e4c4228c3ecb9a67dff169295bddb56d34789a34f7bdf8e4529.exe

Resource

win10v2004-20220812-en

ramnit sality backdoor banker evasion spyware stealer trojan upx worm

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  e32ab7cabe965e4c4228c3ecb9a67dff169295bddb56d34789a34f7bdf8e4529
- Size
  
  252KB
- MD5
  
  43bd08991f7824b978d998ab7a9b0600
- SHA1
  
  5e1ae02400e5854c87781a3547e143d31d85312c
- SHA256
  
  e32ab7cabe965e4c4228c3ecb9a67dff169295bddb56d34789a34f7bdf8e4529
- SHA512
  
  cd353c7f7104b6dc58a75c4c0a52b049fcc61ccdf6eba923d6f3539584c8ea7f2905bda01cc344f0d9dc579932ae317cef9e0699f1c0614c74dd6a2e54c68d80
- SSDEEP
  
  3072:mR2xn3k0CdM1vabyzJYWqaH87onClrA42s8Y/DH8CBDKQ4soITntOOzs1lEaX:mR2J0LS6VdAClrA42ZYrN2Q4ctOOojEM
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm sality backdoor evasion
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

ramnitsalitybackdoorbankerevasionspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy