ramnit | 1f8b561f9e694e85b27ca60b3d49deb1e075d1df5dca1f491a2b5037ec348868 | Triage

Submit
Reports

Overview

overview

Static

static

8

1f8b561f9e...68.exe

windows7-x64

1f8b561f9e...68.exe

windows10-2004-x64

Sharing

General

Target

1f8b561f9e694e85b27ca60b3d49deb1e075d1df5dca1f491a2b5037ec348868
Size

2.7MB
Sample

221127-yds4kadc98
MD5

d6a9153552edbe3120aaf40510e13105
SHA1

92790afd60b904e518062fb7a0f52208e0aad7b1
SHA256

1f8b561f9e694e85b27ca60b3d49deb1e075d1df5dca1f491a2b5037ec348868
SHA512

b7978137520d876f17ec739ffb53b07bac322515dc5928b21a16204faa1dab7bd81c314ee85c8d1e0cb1e92ef20ea24e5b19084b4717b24380b8f6dcf2626996
SSDEEP

49152:laFq/F445nGcM2TZaqdwk0c05HGiU1pIUpJLJ1o:lRd445nPYqdwkLcHHU1pXpJ91o

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1f8b561f9e694e85b27ca60b3d49deb1e075d1df5dca1f491a2b5037ec348868.exe

Resource

win7-20221111-en

ramnit banker spyware stealer trojan upx worm

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

1f8b561f9e694e85b27ca60b3d49deb1e075d1df5dca1f491a2b5037ec348868.exe

Resource

win10v2004-20220901-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  1f8b561f9e694e85b27ca60b3d49deb1e075d1df5dca1f491a2b5037ec348868
- Size
  
  2.7MB
- MD5
  
  d6a9153552edbe3120aaf40510e13105
- SHA1
  
  92790afd60b904e518062fb7a0f52208e0aad7b1
- SHA256
  
  1f8b561f9e694e85b27ca60b3d49deb1e075d1df5dca1f491a2b5037ec348868
- SHA512
  
  b7978137520d876f17ec739ffb53b07bac322515dc5928b21a16204faa1dab7bd81c314ee85c8d1e0cb1e92ef20ea24e5b19084b4717b24380b8f6dcf2626996
- SSDEEP
  
  49152:laFq/F445nGcM2TZaqdwk0c05HGiU1pIUpJLJ1o:lRd445nPYqdwkLcHHU1pXpJ91o
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy