ramnit | 55b26cf9b538e7738d7abafa301dffc38eb180b6fd9a83bc202d2e4311d0ac26 | Triage

Submit
Reports

Overview

overview

Static

static

55b26cf9b5...26.exe

windows7-x64

55b26cf9b5...26.exe

windows10-2004-x64

Sharing

General

Target

55b26cf9b538e7738d7abafa301dffc38eb180b6fd9a83bc202d2e4311d0ac26
Size

536KB
Sample

221123-vrmbdscf9s
MD5

15d4807f7284d739e7a4ed95effd009c
SHA1

98f1efc82424b2c19bd6a3575eb19bac56f666ed
SHA256

55b26cf9b538e7738d7abafa301dffc38eb180b6fd9a83bc202d2e4311d0ac26
SHA512

6743499300756611b6ad0fcf66ed197d3a271e1ad52406f64c4d9a1137dabd5b09a037f1a935b094359181ae803b0125f7dde2fdde8c287f7b243a981406baa5
SSDEEP

12288:hUkUmzqjenW/LZJq5mGgbPV1kdLTIFEkD0rcDecHCXBm:hrUmRMYuV1CLTIFEkDccuXBm

Score

10^/10

ramnit banker evasion spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

55b26cf9b538e7738d7abafa301dffc38eb180b6fd9a83bc202d2e4311d0ac26.exe

Resource

win7-20220901-en

ramnit banker spyware stealer trojan upx worm

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

55b26cf9b538e7738d7abafa301dffc38eb180b6fd9a83bc202d2e4311d0ac26.exe

Resource

win10v2004-20220812-en

ramnit banker evasion spyware stealer trojan upx worm

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  55b26cf9b538e7738d7abafa301dffc38eb180b6fd9a83bc202d2e4311d0ac26
- Size
  
  536KB
- MD5
  
  15d4807f7284d739e7a4ed95effd009c
- SHA1
  
  98f1efc82424b2c19bd6a3575eb19bac56f666ed
- SHA256
  
  55b26cf9b538e7738d7abafa301dffc38eb180b6fd9a83bc202d2e4311d0ac26
- SHA512
  
  6743499300756611b6ad0fcf66ed197d3a271e1ad52406f64c4d9a1137dabd5b09a037f1a935b094359181ae803b0125f7dde2fdde8c287f7b243a981406baa5
- SSDEEP
  
  12288:hUkUmzqjenW/LZJq5mGgbPV1kdLTIFEkD0rcDecHCXBm:hrUmRMYuV1CLTIFEkDccuXBm
Score

10^/10

ramnit banker spyware stealer trojan upx worm evasion
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerevasionspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy