ramnit | b809a1c08bd07d3cc716bd34fabbc7b476f14db60c30c79cd456cd55e7a39d68 | Triage

Submit
Reports

Overview

overview

Static

static

8

b809a1c08b...68.exe

windows7-x64

b809a1c08b...68.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

b809a1c08bd07d3cc716bd34fabbc7b476f14db60c30c79cd456cd55e7a39d68
Size

136KB
Sample

221127-q79peaga3v
MD5

3c3e24950cabd8dc10c1b64e6bb12a60
SHA1

b2383ce4f82f096d0c2fa17b6f32739b0569dcd9
SHA256

b809a1c08bd07d3cc716bd34fabbc7b476f14db60c30c79cd456cd55e7a39d68
SHA512

45d543f57f312768bcca612420b458f64f0f2a380314693c41ba4bfedc825960a2a80380de5c391ce24706bfafa909c8076c0d49813a0adb44b58e49779e726c
SSDEEP

3072:wRo4mNx+6koApfx66SM8VjnsbByy+94xcej0Suopxegt52gf:2NW3koG/SM8VTIBBBpf3t52

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b809a1c08bd07d3cc716bd34fabbc7b476f14db60c30c79cd456cd55e7a39d68.exe

Resource

win7-20220901-en

ramnit banker spyware stealer trojan upx worm

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

b809a1c08bd07d3cc716bd34fabbc7b476f14db60c30c79cd456cd55e7a39d68.exe

Resource

win10v2004-20220812-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  b809a1c08bd07d3cc716bd34fabbc7b476f14db60c30c79cd456cd55e7a39d68
- Size
  
  136KB
- MD5
  
  3c3e24950cabd8dc10c1b64e6bb12a60
- SHA1
  
  b2383ce4f82f096d0c2fa17b6f32739b0569dcd9
- SHA256
  
  b809a1c08bd07d3cc716bd34fabbc7b476f14db60c30c79cd456cd55e7a39d68
- SHA512
  
  45d543f57f312768bcca612420b458f64f0f2a380314693c41ba4bfedc825960a2a80380de5c391ce24706bfafa909c8076c0d49813a0adb44b58e49779e726c
- SSDEEP
  
  3072:wRo4mNx+6koApfx66SM8VjnsbByy+94xcej0Suopxegt52gf:2NW3koG/SM8VTIBBBpf3t52
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy