ramnit | 1df0b26a71b5e2678914f4b6c0f52a9fa71d2bbf796ce06ccddb1807f1f535cb | Triage

Submit
Reports

Overview

overview

Static

static

1df0b26a71...cb.dll

windows7-x64

1df0b26a71...cb.dll

windows10-2004-x64

1

Sharing

General

Target

1df0b26a71b5e2678914f4b6c0f52a9fa71d2bbf796ce06ccddb1807f1f535cb
Size

456KB
Sample

221127-x4lazagd6s
MD5

35209c845dd2c67749fe8cca12a5b310
SHA1

1cf945f3af89253e0da8bfa463e7893a5ff4700f
SHA256

1df0b26a71b5e2678914f4b6c0f52a9fa71d2bbf796ce06ccddb1807f1f535cb
SHA512

46c28d345fa5655f3ae02b873ec59ab6c9715dac8ff59201ce7f8cd4339d2bdcc97fedfb8072aead9959795033618b248fe9b82fabd10ce751208381df8b705d
SSDEEP

6144:94TmSt9uNNtXlD2K0Hp/59dB9SzH2xL/zrnpEEDePzn5/K:tYQtXlD2N7SD2xnTpbDeb5

Score

10^/10

ramnit banker evasion persistence spyware stealer trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

1df0b26a71b5e2678914f4b6c0f52a9fa71d2bbf796ce06ccddb1807f1f535cb.dll

Resource

win7-20220812-en

ramnit banker evasion persistence spyware stealer trojan worm

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

1df0b26a71b5e2678914f4b6c0f52a9fa71d2bbf796ce06ccddb1807f1f535cb.dll

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  1df0b26a71b5e2678914f4b6c0f52a9fa71d2bbf796ce06ccddb1807f1f535cb
- Size
  
  456KB
- MD5
  
  35209c845dd2c67749fe8cca12a5b310
- SHA1
  
  1cf945f3af89253e0da8bfa463e7893a5ff4700f
- SHA256
  
  1df0b26a71b5e2678914f4b6c0f52a9fa71d2bbf796ce06ccddb1807f1f535cb
- SHA512
  
  46c28d345fa5655f3ae02b873ec59ab6c9715dac8ff59201ce7f8cd4339d2bdcc97fedfb8072aead9959795033618b248fe9b82fabd10ce751208381df8b705d
- SSDEEP
  
  6144:94TmSt9uNNtXlD2K0Hp/59dB9SzH2xL/zrnpEEDePzn5/K:tYQtXlD2N7SD2xnTpbDeb5
Score

10^/10

ramnit banker evasion persistence spyware stealer trojan worm
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ramnitbankerevasionpersistencespywarestealertrojanworm

behavioral2

© 2018-2024

Terms | Privacy