ramnit | 74c98b514772ab488c6a465833f15d81e8613969c928968f5df1ef87ca5664fd | Triage

Submit
Reports

Overview

overview

Static

static

74c98b5147...fd.dll

windows7-x64

8

74c98b5147...fd.dll

windows10-2004-x64

Sharing

General

Target

74c98b514772ab488c6a465833f15d81e8613969c928968f5df1ef87ca5664fd
Size

184KB
Sample

221202-hcgfdabh74
MD5

2f215d7929f4ae492e55732d314b220b
SHA1

a2f9ac78d7746e7c7b00f1d455e7ff368a7a3ae3
SHA256

74c98b514772ab488c6a465833f15d81e8613969c928968f5df1ef87ca5664fd
SHA512

2f1622398b9112a1456a7dd75245ada51cbee53c3ee644b0548d1e81506bd4bb63690fe1b9c58f1aa99d7292a182b5a03583afa5c0ca03105cea7444ce19c342
SSDEEP

3072:eibTTp78CcWAtnvs0NL6DfGuyb8viLt4XaCwXJ93PNnIoF4H/zJNLpXEQA/tr8+:FT14tBvB16DR6t4KCEJ9fG9ffLpXEQoF

Score

10^/10

ramnit banker evasion spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

74c98b514772ab488c6a465833f15d81e8613969c928968f5df1ef87ca5664fd.dll

Resource

win7-20220812-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

74c98b514772ab488c6a465833f15d81e8613969c928968f5df1ef87ca5664fd.dll

Resource

win10v2004-20221111-en

ramnit banker evasion spyware stealer trojan upx worm

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  74c98b514772ab488c6a465833f15d81e8613969c928968f5df1ef87ca5664fd
- Size
  
  184KB
- MD5
  
  2f215d7929f4ae492e55732d314b220b
- SHA1
  
  a2f9ac78d7746e7c7b00f1d455e7ff368a7a3ae3
- SHA256
  
  74c98b514772ab488c6a465833f15d81e8613969c928968f5df1ef87ca5664fd
- SHA512
  
  2f1622398b9112a1456a7dd75245ada51cbee53c3ee644b0548d1e81506bd4bb63690fe1b9c58f1aa99d7292a182b5a03583afa5c0ca03105cea7444ce19c342
- SSDEEP
  
  3072:eibTTp78CcWAtnvs0NL6DfGuyb8viLt4XaCwXJ93PNnIoF4H/zJNLpXEQA/tr8+:FT14tBvB16DR6t4KCEJ9fG9ffLpXEQoF
Score

10^/10

ramnit banker evasion spyware stealer trojan upx worm
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Drops file in Drivers directory
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

ramnitbankerevasionspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy