ramnit | 71834849cc7c27bbb53eb9316833d0c5665f7f7d322e06d0625212daaaa8d8ca | Triage

Submit
Reports

Overview

overview

Static

static

71834849cc...ca.exe

windows7-x64

71834849cc...ca.exe

windows10-2004-x64

Sharing

General

Target

71834849cc7c27bbb53eb9316833d0c5665f7f7d322e06d0625212daaaa8d8ca
Size

816KB
Sample

221123-z7bl2sef48
MD5

595bcf0e9eda86a1625dcd4bc61d3257
SHA1

f9aef65ee80a7837d7db6794c8285f99107e62fe
SHA256

71834849cc7c27bbb53eb9316833d0c5665f7f7d322e06d0625212daaaa8d8ca
SHA512

d9db455af3e4baf9d6c1760636fda674ccdedd14f2b014d66ff79bd5513db2f94f934f13ecb2563907bb187f02d3fe4a56be66c4c836209e7e6347a2bca9b889
SSDEEP

12288:Rs0AhHtn1bvzSP6iTn1UserksHkU5KrVclb6ajydnlJj/IiLmqU2zYHp7D0xBm:RsdhHLvmP6+19egRG10nlJjp/U20x+s

Score

10^/10

ramnit banker evasion spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

71834849cc7c27bbb53eb9316833d0c5665f7f7d322e06d0625212daaaa8d8ca.exe

Resource

win7-20220812-en

ramnit banker spyware stealer trojan upx worm

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

71834849cc7c27bbb53eb9316833d0c5665f7f7d322e06d0625212daaaa8d8ca.exe

Resource

win10v2004-20221111-en

ramnit banker evasion spyware stealer trojan upx worm

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  71834849cc7c27bbb53eb9316833d0c5665f7f7d322e06d0625212daaaa8d8ca
- Size
  
  816KB
- MD5
  
  595bcf0e9eda86a1625dcd4bc61d3257
- SHA1
  
  f9aef65ee80a7837d7db6794c8285f99107e62fe
- SHA256
  
  71834849cc7c27bbb53eb9316833d0c5665f7f7d322e06d0625212daaaa8d8ca
- SHA512
  
  d9db455af3e4baf9d6c1760636fda674ccdedd14f2b014d66ff79bd5513db2f94f934f13ecb2563907bb187f02d3fe4a56be66c4c836209e7e6347a2bca9b889
- SSDEEP
  
  12288:Rs0AhHtn1bvzSP6iTn1UserksHkU5KrVclb6ajydnlJj/IiLmqU2zYHp7D0xBm:RsdhHLvmP6+19egRG10nlJjp/U20x+s
Score

10^/10

ramnit banker spyware stealer trojan upx worm evasion
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerevasionspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy