ramnit | 59907ef75a57a8f301a9c9e8bd042287f4e32691e78c05599201e0e53c051824 | Triage

Submit
Reports

Overview

overview

Static

static

59907ef75a...24.exe

windows7-x64

59907ef75a...24.exe

windows10-2004-x64

Sharing

General

Target

59907ef75a57a8f301a9c9e8bd042287f4e32691e78c05599201e0e53c051824
Size

132KB
Sample

221127-w6mfdadd9z
MD5

100e0bc3237b7ebc9cb567627b521bc5
SHA1

04af221d68b49027bb42280a4182ee2c8cae2414
SHA256

59907ef75a57a8f301a9c9e8bd042287f4e32691e78c05599201e0e53c051824
SHA512

e9168b549678825fbec47172cb62778d5f99a8ea7227d83515a1ecbdb66967e682f997689c0703afe8a289fc75749cd213dfe060fedd693307c7d5a8a8228b15
SSDEEP

3072:sfBgCILyfukodRpLlQtkTeNQ1MDLlXjCtIDNi/IdOY:sfmdkojTT1MDhXRgIo

Score

10^/10

ramnit banker evasion spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

59907ef75a57a8f301a9c9e8bd042287f4e32691e78c05599201e0e53c051824.exe

Resource

win7-20220901-en

ramnit banker spyware stealer trojan upx worm

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

59907ef75a57a8f301a9c9e8bd042287f4e32691e78c05599201e0e53c051824.exe

Resource

win10v2004-20220812-en

ramnit banker evasion spyware stealer trojan upx worm

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  59907ef75a57a8f301a9c9e8bd042287f4e32691e78c05599201e0e53c051824
- Size
  
  132KB
- MD5
  
  100e0bc3237b7ebc9cb567627b521bc5
- SHA1
  
  04af221d68b49027bb42280a4182ee2c8cae2414
- SHA256
  
  59907ef75a57a8f301a9c9e8bd042287f4e32691e78c05599201e0e53c051824
- SHA512
  
  e9168b549678825fbec47172cb62778d5f99a8ea7227d83515a1ecbdb66967e682f997689c0703afe8a289fc75749cd213dfe060fedd693307c7d5a8a8228b15
- SSDEEP
  
  3072:sfBgCILyfukodRpLlQtkTeNQ1MDLlXjCtIDNi/IdOY:sfmdkojTT1MDhXRgIo
Score

10^/10

ramnit banker spyware stealer trojan upx worm evasion
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerevasionspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy