ramnit | 277c263e788311014b6242c5fb3058e3ef3eaab3a02b312ac5e5f111d68a0b5f | Triage

Submit
Reports

Overview

overview

Static

static

277c263e78...5f.exe

windows7-x64

277c263e78...5f.exe

windows10-2004-x64

Sharing

General

Target

277c263e788311014b6242c5fb3058e3ef3eaab3a02b312ac5e5f111d68a0b5f
Size

248KB
Sample

221123-xrnwbsag7t
MD5

5674d371be612f08af5faab96f2f0c1a
SHA1

1eb5efb0b829f8dd5265ede1907f41a7985f70c8
SHA256

277c263e788311014b6242c5fb3058e3ef3eaab3a02b312ac5e5f111d68a0b5f
SHA512

1a2c3d2876b3d3b4b4ced37cb5d4d7f18e7083282e5b7ea4ac5c9dff94eebe5dc6029316528f9909466f515884361509564a80d74b3fb9e76e92f813588cc7ef
SSDEEP

3072:uR2xn3k0CdM1vabyzJYWqyZcFaF504UwPGX1NhG2ozrl8SmaUBzMZqa12DtjSM:uR2J0LS6Vymc0IPGEfzrjmPzMZq2s

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

277c263e788311014b6242c5fb3058e3ef3eaab3a02b312ac5e5f111d68a0b5f.exe

Resource

win7-20221111-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

277c263e788311014b6242c5fb3058e3ef3eaab3a02b312ac5e5f111d68a0b5f.exe

Resource

win10v2004-20221111-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  277c263e788311014b6242c5fb3058e3ef3eaab3a02b312ac5e5f111d68a0b5f
- Size
  
  248KB
- MD5
  
  5674d371be612f08af5faab96f2f0c1a
- SHA1
  
  1eb5efb0b829f8dd5265ede1907f41a7985f70c8
- SHA256
  
  277c263e788311014b6242c5fb3058e3ef3eaab3a02b312ac5e5f111d68a0b5f
- SHA512
  
  1a2c3d2876b3d3b4b4ced37cb5d4d7f18e7083282e5b7ea4ac5c9dff94eebe5dc6029316528f9909466f515884361509564a80d74b3fb9e76e92f813588cc7ef
- SSDEEP
  
  3072:uR2xn3k0CdM1vabyzJYWqyZcFaF504UwPGX1NhG2ozrl8SmaUBzMZqa12DtjSM:uR2J0LS6Vymc0IPGEfzrjmPzMZq2s
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy