ramnit | a38644ca86517d5e5a4ab9d45ff0e842daadded68d0f6be076c1c32418bcde03 | Triage

Submit
Reports

Overview

overview

Static

static

a38644ca86...03.dll

windows7-x64

a38644ca86...03.dll

windows10-2004-x64

8

Sharing

General

Target

a38644ca86517d5e5a4ab9d45ff0e842daadded68d0f6be076c1c32418bcde03
Size

296KB
Sample

221127-yaxbtadb39
MD5

d141217011b3736d1a43ed80edafe186
SHA1

bd85a807296c6c3da7b395e0bb10084f7a24a63e
SHA256

a38644ca86517d5e5a4ab9d45ff0e842daadded68d0f6be076c1c32418bcde03
SHA512

77c6bbfe7eaabafc621ab00a96ab2f44e6fc19fb7c50e79a396b9b679d63c692aa0c5f1cd9e6afc9ff88ce9001524292d0413d544b267dbc4feeb3b53d37f463
SSDEEP

6144:DJFR4knNGeq+yDX9UNotBpkMfay5PjP9pw3X:DJgknf3yDXQozNay5L+

Score

10^/10

ramnit banker evasion persistence spyware stealer trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

a38644ca86517d5e5a4ab9d45ff0e842daadded68d0f6be076c1c32418bcde03.dll

Resource

win7-20220812-en

ramnit banker evasion persistence spyware stealer trojan worm

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

a38644ca86517d5e5a4ab9d45ff0e842daadded68d0f6be076c1c32418bcde03.dll

Resource

win10v2004-20220812-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  a38644ca86517d5e5a4ab9d45ff0e842daadded68d0f6be076c1c32418bcde03
- Size
  
  296KB
- MD5
  
  d141217011b3736d1a43ed80edafe186
- SHA1
  
  bd85a807296c6c3da7b395e0bb10084f7a24a63e
- SHA256
  
  a38644ca86517d5e5a4ab9d45ff0e842daadded68d0f6be076c1c32418bcde03
- SHA512
  
  77c6bbfe7eaabafc621ab00a96ab2f44e6fc19fb7c50e79a396b9b679d63c692aa0c5f1cd9e6afc9ff88ce9001524292d0413d544b267dbc4feeb3b53d37f463
- SSDEEP
  
  6144:DJFR4knNGeq+yDX9UNotBpkMfay5PjP9pw3X:DJgknf3yDXQozNay5L+
Score

10^/10

ramnit banker evasion persistence spyware stealer trojan worm
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ramnitbankerevasionpersistencespywarestealertrojanworm

behavioral2

© 2018-2024

Terms | Privacy