ramnit | d93a63e337411a795a64a354ab46a2bb2b21e822a3a1d6d633edb5203ba39be9 | Triage

Submit
Reports

Overview

overview

Static

static

d93a63e337...e9.dll

windows7-x64

d93a63e337...e9.dll

windows10-2004-x64

Sharing

General

Target

d93a63e337411a795a64a354ab46a2bb2b21e822a3a1d6d633edb5203ba39be9
Size

108KB
Sample

221202-g1f9vadh7z
MD5

66df444fbddd8fda358998d0aa4ca69f
SHA1

71f323d2fabdc4f3d0dda1ae89052078e0170e15
SHA256

d93a63e337411a795a64a354ab46a2bb2b21e822a3a1d6d633edb5203ba39be9
SHA512

8ced0e62223eaee1e6aa1822262421dfb6c762570421421afe03bbd34a27830cfac33d6e25e536efc2d18f685a1d2b38c8762bf76668d0c239a24dd79e73560c
SSDEEP

3072:4D09MaWLOdfPQdYeW231rj6a71fHkP2HzdhZ9vWCWR:gaqOdHQlua7CY5h+

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

d93a63e337411a795a64a354ab46a2bb2b21e822a3a1d6d633edb5203ba39be9.dll

Resource

win7-20220812-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

d93a63e337411a795a64a354ab46a2bb2b21e822a3a1d6d633edb5203ba39be9.dll

Resource

win10v2004-20220901-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  d93a63e337411a795a64a354ab46a2bb2b21e822a3a1d6d633edb5203ba39be9
- Size
  
  108KB
- MD5
  
  66df444fbddd8fda358998d0aa4ca69f
- SHA1
  
  71f323d2fabdc4f3d0dda1ae89052078e0170e15
- SHA256
  
  d93a63e337411a795a64a354ab46a2bb2b21e822a3a1d6d633edb5203ba39be9
- SHA512
  
  8ced0e62223eaee1e6aa1822262421dfb6c762570421421afe03bbd34a27830cfac33d6e25e536efc2d18f685a1d2b38c8762bf76668d0c239a24dd79e73560c
- SSDEEP
  
  3072:4D09MaWLOdfPQdYeW231rj6a71fHkP2HzdhZ9vWCWR:gaqOdHQlua7CY5h+
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy