ramnit | db7bb6bfd6e8decc478d3c8473ddf276a5fa5090e6987e3c5d641a63337a2460 | Triage

Submit
Reports

Overview

overview

Static

static

db7bb6bfd6...60.dll

windows7-x64

db7bb6bfd6...60.dll

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

db7bb6bfd6e8decc478d3c8473ddf276a5fa5090e6987e3c5d641a63337a2460
Size

380KB
Sample

221129-tjvgcsdf39
MD5

f7e390609bcab34a1cde45f4c8415fa8
SHA1

59774582c775dd7fd2fd2b6c9b18e8432ce326d8
SHA256

db7bb6bfd6e8decc478d3c8473ddf276a5fa5090e6987e3c5d641a63337a2460
SHA512

504afada85f1d6a7cbb985467ad7b44345954322b50a79a488bdc53d97a1317b69a9477fa651c09263afbb990632bc7ed27a6df64209883ba255017b6ab2780a
SSDEEP

6144:zKwFsGM5y+3kyzuJO1AmAGFxlNWCJBD4DsWR3Uqzujd3rm4eKsaJ:zlRB+3kyzuJO1AqWzujd3i4eKs6

Score

10^/10

ramnit adware banker evasion persistence spyware stealer trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

db7bb6bfd6e8decc478d3c8473ddf276a5fa5090e6987e3c5d641a63337a2460.dll

Resource

win7-20220812-en

ramnit adware banker evasion persistence spyware stealer trojan worm

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

db7bb6bfd6e8decc478d3c8473ddf276a5fa5090e6987e3c5d641a63337a2460.dll

Resource

win10v2004-20221111-en

ramnit adware banker spyware stealer trojan worm

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  db7bb6bfd6e8decc478d3c8473ddf276a5fa5090e6987e3c5d641a63337a2460
- Size
  
  380KB
- MD5
  
  f7e390609bcab34a1cde45f4c8415fa8
- SHA1
  
  59774582c775dd7fd2fd2b6c9b18e8432ce326d8
- SHA256
  
  db7bb6bfd6e8decc478d3c8473ddf276a5fa5090e6987e3c5d641a63337a2460
- SHA512
  
  504afada85f1d6a7cbb985467ad7b44345954322b50a79a488bdc53d97a1317b69a9477fa651c09263afbb990632bc7ed27a6df64209883ba255017b6ab2780a
- SSDEEP
  
  6144:zKwFsGM5y+3kyzuJO1AmAGFxlNWCJBD4DsWR3Uqzujd3rm4eKsaJ:zlRB+3kyzuJO1AqWzujd3i4eKs6
Score

10^/10

ramnit adware banker evasion persistence spyware stealer trojan worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitadwarebankerevasionpersistencespywarestealertrojanworm

behavioral2

ramnitadwarebankerspywarestealertrojanworm

© 2018-2025

Terms | Privacy