ramnit | a23716aa148bc21cd66dc5ef0e6b479629bfe93a028c62a49c30c361f4024cf3 | Triage

Submit
Reports

Overview

overview

Static

static

a23716aa14...f3.exe

windows7-x64

a23716aa14...f3.exe

windows10-2004-x64

Sharing

General

Target

a23716aa148bc21cd66dc5ef0e6b479629bfe93a028c62a49c30c361f4024cf3
Size

353KB
Sample

221123-vgnfpsbh7w
MD5

43728f389645639be29d3f15060a6a10
SHA1

a1ac9c9cdc9aa77891991b7b4f6bb38fbb6de9b9
SHA256

a23716aa148bc21cd66dc5ef0e6b479629bfe93a028c62a49c30c361f4024cf3
SHA512

459445b39ec9218df90f08a3f836484455f77bf802036a9c18999b2040b04b49bdcd9cab0a810a068abb727446654919e621d5ff7ef3fb70bd4f73a76d114d3a
SSDEEP

6144:yOTeHI8HiL7+f5H8XG5BgiDvZ6uzPfI9WJcVi/MFt9OzntXaLc+9zyr:xeoGiLaSXGAiN6gf+WqVi/MFtkj1fX

Score

10^/10

ramnit sality backdoor banker evasion spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

a23716aa148bc21cd66dc5ef0e6b479629bfe93a028c62a49c30c361f4024cf3.exe

Resource

win7-20220901-en

ramnit sality backdoor banker evasion spyware stealer trojan upx worm

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

a23716aa148bc21cd66dc5ef0e6b479629bfe93a028c62a49c30c361f4024cf3.exe

Resource

win10v2004-20220812-en

ramnit sality backdoor banker evasion spyware stealer trojan upx worm

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  a23716aa148bc21cd66dc5ef0e6b479629bfe93a028c62a49c30c361f4024cf3
- Size
  
  353KB
- MD5
  
  43728f389645639be29d3f15060a6a10
- SHA1
  
  a1ac9c9cdc9aa77891991b7b4f6bb38fbb6de9b9
- SHA256
  
  a23716aa148bc21cd66dc5ef0e6b479629bfe93a028c62a49c30c361f4024cf3
- SHA512
  
  459445b39ec9218df90f08a3f836484455f77bf802036a9c18999b2040b04b49bdcd9cab0a810a068abb727446654919e621d5ff7ef3fb70bd4f73a76d114d3a
- SSDEEP
  
  6144:yOTeHI8HiL7+f5H8XG5BgiDvZ6uzPfI9WJcVi/MFt9OzntXaLc+9zyr:xeoGiLaSXGAiN6gf+WqVi/MFtkj1fX
Score

10^/10

ramnit sality backdoor banker evasion spyware stealer trojan upx worm
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitsalitybackdoorbankerevasionspywarestealertrojanupxworm

behavioral2

ramnitsalitybackdoorbankerevasionspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy