ramnit | fef1ec3367c1cdd00a658cc1879d48f1b2408fcd4f25c02b667a8272f24f2a2a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

fef1ec3367...2a.dll

windows7-x64

fef1ec3367...2a.dll

windows10-2004-x64

Sharing

General

Target

fef1ec3367c1cdd00a658cc1879d48f1b2408fcd4f25c02b667a8272f24f2a2a
Size

176KB
Sample

221129-jecewacc8z
MD5

b52596cc2f51e4cca31b4be61a1c8ac0
SHA1

89fdbc0d9781d1e2705b8712613e43b93aa436be
SHA256

fef1ec3367c1cdd00a658cc1879d48f1b2408fcd4f25c02b667a8272f24f2a2a
SHA512

f2fec90d388ffc46b9f1adfbde2c686b4f6e07fb778558ca99e22e21bc83997d4734bba425bb99fcb433452fe505fdfc301d4c125d817430d3e751ffa8ed0ad2
SSDEEP

3072:pgKKuiX63bw5dNjDh8pWVgTlFIYnUBBOmCCYhTQw/adrEV:iKZp3KNjVGv5KYhMN4

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

fef1ec3367c1cdd00a658cc1879d48f1b2408fcd4f25c02b667a8272f24f2a2a.dll

Resource

win7-20220812-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

fef1ec3367c1cdd00a658cc1879d48f1b2408fcd4f25c02b667a8272f24f2a2a.dll

Resource

win10v2004-20220812-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  fef1ec3367c1cdd00a658cc1879d48f1b2408fcd4f25c02b667a8272f24f2a2a
- Size
  
  176KB
- MD5
  
  b52596cc2f51e4cca31b4be61a1c8ac0
- SHA1
  
  89fdbc0d9781d1e2705b8712613e43b93aa436be
- SHA256
  
  fef1ec3367c1cdd00a658cc1879d48f1b2408fcd4f25c02b667a8272f24f2a2a
- SHA512
  
  f2fec90d388ffc46b9f1adfbde2c686b4f6e07fb778558ca99e22e21bc83997d4734bba425bb99fcb433452fe505fdfc301d4c125d817430d3e751ffa8ed0ad2
- SSDEEP
  
  3072:pgKKuiX63bw5dNjDh8pWVgTlFIYnUBBOmCCYhTQw/adrEV:iKZp3KNjVGv5KYhMN4
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy