ramnit | e43ccac45e02c58d44c1a33d5f00e3bb7f5c09ed795bd5b1c49fad31dd87d39d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

e43ccac45e...9d.dll

windows7-x64

8

e43ccac45e...9d.dll

windows10-2004-x64

Sharing

General

Target

e43ccac45e02c58d44c1a33d5f00e3bb7f5c09ed795bd5b1c49fad31dd87d39d
Size

778KB
Sample

221127-c2bzasda92
MD5

3974164c07298d7dd19484092c261aa9
SHA1

a759c23af5c9fe9b6e9cf1ba79ddf0ae58078622
SHA256

e43ccac45e02c58d44c1a33d5f00e3bb7f5c09ed795bd5b1c49fad31dd87d39d
SHA512

7ce7e147b38fe9f20c0b5c3da28a1de3fcbb79b64b4ba92fefb8e73c25e437decbaa8ed5b88120500ef0f6e1d3d2507c05cadb54fcb1d1baba40d5a5ddc53a1e
SSDEEP

24576:4zb1MlCKUQyUmjtczu6Prs9pgWoopooK9kwPMLt8F:4zbKsUmjtcdPGgIwPMLyF

Score

10^/10

ramnit banker evasion spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

e43ccac45e02c58d44c1a33d5f00e3bb7f5c09ed795bd5b1c49fad31dd87d39d.dll

Resource

win7-20221111-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

e43ccac45e02c58d44c1a33d5f00e3bb7f5c09ed795bd5b1c49fad31dd87d39d.dll

Resource

win10v2004-20221111-en

ramnit banker evasion spyware stealer trojan upx worm

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  e43ccac45e02c58d44c1a33d5f00e3bb7f5c09ed795bd5b1c49fad31dd87d39d
- Size
  
  778KB
- MD5
  
  3974164c07298d7dd19484092c261aa9
- SHA1
  
  a759c23af5c9fe9b6e9cf1ba79ddf0ae58078622
- SHA256
  
  e43ccac45e02c58d44c1a33d5f00e3bb7f5c09ed795bd5b1c49fad31dd87d39d
- SHA512
  
  7ce7e147b38fe9f20c0b5c3da28a1de3fcbb79b64b4ba92fefb8e73c25e437decbaa8ed5b88120500ef0f6e1d3d2507c05cadb54fcb1d1baba40d5a5ddc53a1e
- SSDEEP
  
  24576:4zb1MlCKUQyUmjtczu6Prs9pgWoopooK9kwPMLt8F:4zbKsUmjtcdPGgIwPMLyF
Score

10^/10

ramnit banker evasion spyware stealer trojan upx worm
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

ramnitbankerevasionspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy