ramnit | 277c263e788311014b6242c5fb3058e3ef3eaab3a02b312ac5e5f111d68a0b5f | Triage

Submit
Reports

Overview

overview

Static

static

277c263e78...5f.exe

windows7-x64

277c263e78...5f.exe

windows10-2004-x64

Sharing

General

Target

277c263e788311014b6242c5fb3058e3ef3eaab3a02b312ac5e5f111d68a0b5f
Size

248KB
Sample

221123-xrnwbsag7t
MD5

5674d371be612f08af5faab96f2f0c1a
SHA1

1eb5efb0b829f8dd5265ede1907f41a7985f70c8
SHA256

277c263e788311014b6242c5fb3058e3ef3eaab3a02b312ac5e5f111d68a0b5f
SHA512

1a2c3d2876b3d3b4b4ced37cb5d4d7f18e7083282e5b7ea4ac5c9dff94eebe5dc6029316528f9909466f515884361509564a80d74b3fb9e76e92f813588cc7ef
SSDEEP

3072:uR2xn3k0CdM1vabyzJYWqyZcFaF504UwPGX1NhG2ozrl8SmaUBzMZqa12DtjSM:uR2J0LS6Vymc0IPGEfzrjmPzMZq2s

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

277c263e788311014b6242c5fb3058e3ef3eaab3a02b312ac5e5f111d68a0b5f.exe

Resource

win7-20221111-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

277c263e788311014b6242c5fb3058e3ef3eaab3a02b312ac5e5f111d68a0b5f.exe

Resource

win10v2004-20221111-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  277c263e788311014b6242c5fb3058e3ef3eaab3a02b312ac5e5f111d68a0b5f
- Size
  
  248KB
- MD5
  
  5674d371be612f08af5faab96f2f0c1a
- SHA1
  
  1eb5efb0b829f8dd5265ede1907f41a7985f70c8
- SHA256
  
  277c263e788311014b6242c5fb3058e3ef3eaab3a02b312ac5e5f111d68a0b5f
- SHA512
  
  1a2c3d2876b3d3b4b4ced37cb5d4d7f18e7083282e5b7ea4ac5c9dff94eebe5dc6029316528f9909466f515884361509564a80d74b3fb9e76e92f813588cc7ef
- SSDEEP
  
  3072:uR2xn3k0CdM1vabyzJYWqyZcFaF504UwPGX1NhG2ozrl8SmaUBzMZqa12DtjSM:uR2J0LS6Vymc0IPGEfzrjmPzMZq2s
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy