ramnit | c82097759b1d5bbe83f3a366e4b8b6dc383c9212ef44f654693392188b5b72e1 | Triage

Sharing

General

Target

c82097759b1d5bbe83f3a366e4b8b6dc383c9212ef44f654693392188b5b72e1
Size

109KB
Sample

221203-qlstrsgg2v
MD5

803f58b97864885a37056b3d9cbe0c0a
SHA1

617beba298c0b9d2f109570ef073f1da48f0a76d
SHA256

c82097759b1d5bbe83f3a366e4b8b6dc383c9212ef44f654693392188b5b72e1
SHA512

7e52b9e5e7bd99985f50fd2b79545e6868e5b5877600149937643c123d7fd7390b278e44f211b1003da4b39b577e3f5fb09242f28b7996a0eda08aaf44c0d914
SSDEEP

3072:vgh2I2r6EHIABO7Q+Wzk8jwaaHw7Koj4r0C:6EH7yiC

Score

10^/10

ramnit banker evasion persistence spyware stealer trojan worm

Malware Config

Targets

- Target
  
  c82097759b1d5bbe83f3a366e4b8b6dc383c9212ef44f654693392188b5b72e1
- Size
  
  109KB
- MD5
  
  803f58b97864885a37056b3d9cbe0c0a
- SHA1
  
  617beba298c0b9d2f109570ef073f1da48f0a76d
- SHA256
  
  c82097759b1d5bbe83f3a366e4b8b6dc383c9212ef44f654693392188b5b72e1
- SHA512
  
  7e52b9e5e7bd99985f50fd2b79545e6868e5b5877600149937643c123d7fd7390b278e44f211b1003da4b39b577e3f5fb09242f28b7996a0eda08aaf44c0d914
- SSDEEP
  
  3072:vgh2I2r6EHIABO7Q+Wzk8jwaaHw7Koj4r0C:6EH7yiC
Score

10^/10

ramnit banker evasion persistence spyware stealer trojan worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerevasionpersistencespywarestealertrojanworm

behavioral2

ramnitbankerspywarestealertrojanworm