ramnit | c8b846efff2b4e197a98be1a4dc35117725ee905c0f5b7e22c87183ce67f6dbe | Triage

Submit
Reports

Overview

overview

Static

static

8

c8b846efff...be.exe

windows7-x64

c8b846efff...be.exe

windows10-2004-x64

Sharing

General

Target

c8b846efff2b4e197a98be1a4dc35117725ee905c0f5b7e22c87183ce67f6dbe
Size

829KB
Sample

221124-lgy3rsha6y
MD5

e0a867c1368e0a0f7cee9f9304826945
SHA1

f179c0b49d3d3705d99697702ac5383ba018f30a
SHA256

c8b846efff2b4e197a98be1a4dc35117725ee905c0f5b7e22c87183ce67f6dbe
SHA512

ebee0a2f4ad1ee3b042befeb6f5351293fe7c376c2686c7ba0e2de9f5411532f20d0e9886c2254389b5cb51a1dcd75da56d1f61d78bbfe02239ec91fcb5c780e
SSDEEP

24576:Un+GIgqdJeXo7joesIeXE2zp8jvJUKGU99o:7OqdMXcTslE2zpSqKGUv

Score

10^/10

ramnit banker bootkit persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c8b846efff2b4e197a98be1a4dc35117725ee905c0f5b7e22c87183ce67f6dbe.exe

Resource

win7-20220901-en

ramnit banker spyware stealer trojan upx worm

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

c8b846efff2b4e197a98be1a4dc35117725ee905c0f5b7e22c87183ce67f6dbe.exe

Resource

win10v2004-20220812-en

ramnit banker bootkit persistence spyware stealer trojan upx worm

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  c8b846efff2b4e197a98be1a4dc35117725ee905c0f5b7e22c87183ce67f6dbe
- Size
  
  829KB
- MD5
  
  e0a867c1368e0a0f7cee9f9304826945
- SHA1
  
  f179c0b49d3d3705d99697702ac5383ba018f30a
- SHA256
  
  c8b846efff2b4e197a98be1a4dc35117725ee905c0f5b7e22c87183ce67f6dbe
- SHA512
  
  ebee0a2f4ad1ee3b042befeb6f5351293fe7c376c2686c7ba0e2de9f5411532f20d0e9886c2254389b5cb51a1dcd75da56d1f61d78bbfe02239ec91fcb5c780e
- SSDEEP
  
  24576:Un+GIgqdJeXo7joesIeXE2zp8jvJUKGU99o:7OqdMXcTslE2zpSqKGUv
Score

10^/10

ramnit banker spyware stealer trojan upx worm bootkit persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerbootkitpersistencespywarestealertrojanupxworm

© 2018-2024

Terms | Privacy