ramnit | f15ca6aa8be09077d27b137fb38d54ee0e831d06d25691075ca36908a5abfdc3 | Triage

Sharing

General

Target

f15ca6aa8be09077d27b137fb38d54ee0e831d06d25691075ca36908a5abfdc3
Size

196KB
Sample

221127-yas96adb33
MD5

7a1492b9bd643a57a8566a2e20c4f7b5
SHA1

63c3ecc4e6370d54757bf3698c7f3712bec124ef
SHA256

f15ca6aa8be09077d27b137fb38d54ee0e831d06d25691075ca36908a5abfdc3
SHA512

c096d3352056d18d662945aa7dc494189fa3a3985a8f185871d7abde1d2984e18e8e5083147fb61a7abd20813afce2162c0232b9ea84ddf580d2dd898c81463e
SSDEEP

3072:WEYetn8ZDPGeK3ooCYfk30/AgEKDgo6b61UFvqFIqh1VP1QHEUeh:Tz8ZD+X0EZdgfeqFvt2dQ2

Score

10^/10

ramnit banker evasion persistence spyware stealer trojan worm

Malware Config

Targets

- Target
  
  f15ca6aa8be09077d27b137fb38d54ee0e831d06d25691075ca36908a5abfdc3
- Size
  
  196KB
- MD5
  
  7a1492b9bd643a57a8566a2e20c4f7b5
- SHA1
  
  63c3ecc4e6370d54757bf3698c7f3712bec124ef
- SHA256
  
  f15ca6aa8be09077d27b137fb38d54ee0e831d06d25691075ca36908a5abfdc3
- SHA512
  
  c096d3352056d18d662945aa7dc494189fa3a3985a8f185871d7abde1d2984e18e8e5083147fb61a7abd20813afce2162c0232b9ea84ddf580d2dd898c81463e
- SSDEEP
  
  3072:WEYetn8ZDPGeK3ooCYfk30/AgEKDgo6b61UFvqFIqh1VP1QHEUeh:Tz8ZD+X0EZdgfeqFvt2dQ2
Score

10^/10

ramnit banker evasion persistence spyware stealer trojan worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ramnitbankerevasionpersistencespywarestealertrojanworm

behavioral2