ramnit | 4b886ffa8603e2450371e96513f4875d42ab885eaa4a9edfdc736b00e7ac8e3d | Triage

Submit
Reports

Overview

overview

Static

static

4b886ffa86...3d.dll

windows7-x64

4b886ffa86...3d.dll

windows10-2004-x64

Sharing

General

Target

4b886ffa8603e2450371e96513f4875d42ab885eaa4a9edfdc736b00e7ac8e3d
Size

799KB
Sample

221128-yn17xscg29
MD5

aa57c5a19e0098244992707212a8cede
SHA1

2e52f9fae2bcc35d63971aed13269f67211cb3fe
SHA256

4b886ffa8603e2450371e96513f4875d42ab885eaa4a9edfdc736b00e7ac8e3d
SHA512

690324613a6e8469a41e69e08340e839e5e19d18450af7c8742fbda9d96dd6ede0f3254323106cece9c6e5c32f97796d56d3f6ac0f0fabbc0cf3683bac569230
SSDEEP

24576:omj23gSDbQ+Ka6fWhcuaPDsdpPahfoopooaWYpCr/XC22:omj8vEa6fWhQP+PaHyCr/y22

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

4b886ffa8603e2450371e96513f4875d42ab885eaa4a9edfdc736b00e7ac8e3d.dll

Resource

win7-20220812-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

4b886ffa8603e2450371e96513f4875d42ab885eaa4a9edfdc736b00e7ac8e3d.dll

Resource

win10v2004-20220812-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  4b886ffa8603e2450371e96513f4875d42ab885eaa4a9edfdc736b00e7ac8e3d
- Size
  
  799KB
- MD5
  
  aa57c5a19e0098244992707212a8cede
- SHA1
  
  2e52f9fae2bcc35d63971aed13269f67211cb3fe
- SHA256
  
  4b886ffa8603e2450371e96513f4875d42ab885eaa4a9edfdc736b00e7ac8e3d
- SHA512
  
  690324613a6e8469a41e69e08340e839e5e19d18450af7c8742fbda9d96dd6ede0f3254323106cece9c6e5c32f97796d56d3f6ac0f0fabbc0cf3683bac569230
- SSDEEP
  
  24576:omj23gSDbQ+Ka6fWhcuaPDsdpPahfoopooaWYpCr/XC22:omj8vEa6fWhQP+PaHyCr/y22
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy