ramnit | 3f812a92136133336a7d89465aad4ae416ab47d109187f660835aa5cf5b1f08c | Triage

Sharing

General

Target

3f812a92136133336a7d89465aad4ae416ab47d109187f660835aa5cf5b1f08c
Size

228KB
Sample

221123-xm2avsae2z
MD5

1734f460205f993c3f8382a50b4a9f77
SHA1

ed9e50fa76be0bbdf6c2c458af2b7714a36c30f2
SHA256

3f812a92136133336a7d89465aad4ae416ab47d109187f660835aa5cf5b1f08c
SHA512

90f517431205084ee38589673ca5b68b17a830e969d1b4701aee6f8c7416c7974a6623306228ad834713eb1c6515a34dbf941fb6cff562ecf03718e07c900a9f
SSDEEP

3072:9Btrqne+0JcPF1cK1nu5cdUfv+BCpS7syO1JkBCSWm9zJZaJJWlRgA1:9Btrqne+VPF1nCS7syoEzJwJQRgA1

Score

10^/10

ramnit banker evasion persistence spyware stealer trojan worm

Malware Config

Targets

- Target
  
  3f812a92136133336a7d89465aad4ae416ab47d109187f660835aa5cf5b1f08c
- Size
  
  228KB
- MD5
  
  1734f460205f993c3f8382a50b4a9f77
- SHA1
  
  ed9e50fa76be0bbdf6c2c458af2b7714a36c30f2
- SHA256
  
  3f812a92136133336a7d89465aad4ae416ab47d109187f660835aa5cf5b1f08c
- SHA512
  
  90f517431205084ee38589673ca5b68b17a830e969d1b4701aee6f8c7416c7974a6623306228ad834713eb1c6515a34dbf941fb6cff562ecf03718e07c900a9f
- SSDEEP
  
  3072:9Btrqne+0JcPF1cK1nu5cdUfv+BCpS7syO1JkBCSWm9zJZaJJWlRgA1:9Btrqne+VPF1nCS7syoEzJwJQRgA1
Score

10^/10

ramnit banker evasion persistence spyware stealer trojan worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerevasionpersistencespywarestealertrojanworm

behavioral2