ramnit | 56b32d74d9ffbd306d9749f7ed23a88c3511b442412a59774acccb0eef947aa1 | Triage

Submit
Reports

Overview

overview

Static

static

56b32d74d9...a1.exe

windows7-x64

56b32d74d9...a1.exe

windows10-2004-x64

3

Sharing

General

Target

56b32d74d9ffbd306d9749f7ed23a88c3511b442412a59774acccb0eef947aa1
Size

105KB
Sample

221130-mfdwwabg55
MD5

2305959b525467fc0f6e422fa1d44150
SHA1

beb8c935284ccce976e3e6559660b4e579d80001
SHA256

56b32d74d9ffbd306d9749f7ed23a88c3511b442412a59774acccb0eef947aa1
SHA512

e000e952afde85783c7fdcbe2d6582f28443e442f5a0b8e0ffeb6e3361bb8d6d97f61425b280d957c0a4d7e5dae7128debd7d436b4abcc0c71b609d751cc742d
SSDEEP

3072:l162MfLOVnT6e/Cxh/RlyFyyucvaaHw7Koj4rtG:b6T6VnT1Kxh3y0

Score

10^/10

ramnit banker evasion persistence spyware stealer trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

56b32d74d9ffbd306d9749f7ed23a88c3511b442412a59774acccb0eef947aa1.exe

Resource

win7-20220901-en

ramnit banker evasion persistence spyware stealer trojan worm

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

56b32d74d9ffbd306d9749f7ed23a88c3511b442412a59774acccb0eef947aa1.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  56b32d74d9ffbd306d9749f7ed23a88c3511b442412a59774acccb0eef947aa1
- Size
  
  105KB
- MD5
  
  2305959b525467fc0f6e422fa1d44150
- SHA1
  
  beb8c935284ccce976e3e6559660b4e579d80001
- SHA256
  
  56b32d74d9ffbd306d9749f7ed23a88c3511b442412a59774acccb0eef947aa1
- SHA512
  
  e000e952afde85783c7fdcbe2d6582f28443e442f5a0b8e0ffeb6e3361bb8d6d97f61425b280d957c0a4d7e5dae7128debd7d436b4abcc0c71b609d751cc742d
- SSDEEP
  
  3072:l162MfLOVnT6e/Cxh/RlyFyyucvaaHw7Koj4rtG:b6T6VnT1Kxh3y0
Score

10^/10

ramnit banker evasion persistence spyware stealer trojan worm
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ramnitbankerevasionpersistencespywarestealertrojanworm

behavioral2

© 2018-2024

Terms | Privacy