ramnit | 370f0b0f9b4f9959e878144acd3ec913ea76e516fa065403a0862eaaf3109099 | Triage

Submit
Reports

Overview

overview

Static

static

370f0b0f9b...99.exe

windows7-x64

370f0b0f9b...99.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

370f0b0f9b4f9959e878144acd3ec913ea76e516fa065403a0862eaaf3109099
Size

957KB
Sample

221204-a7ntyacd44
MD5

02f530b077b9c332ae9709a84df5a6a3
SHA1

6b81e2ea2b0f1606fcdaf98f77cb0df29da5f99b
SHA256

370f0b0f9b4f9959e878144acd3ec913ea76e516fa065403a0862eaaf3109099
SHA512

57ed7891f1d27568d43d4d9e011bdb479b055e974d16af25a7d4debb73cfd25ee0f52bf6869715139b507606926c4e458d07aa58fed296ab45871632ac596b59
SSDEEP

6144:A3i8X7pt4Oti0BWmKWIBtOcI9SSbA+cuXhlzo0naGDprKzbazJXddCP//QuhW:A3TdtLW5WIj1YSSdFxlPaGD2KvMwKW

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

370f0b0f9b4f9959e878144acd3ec913ea76e516fa065403a0862eaaf3109099.exe

Resource

win7-20220901-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

370f0b0f9b4f9959e878144acd3ec913ea76e516fa065403a0862eaaf3109099.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  370f0b0f9b4f9959e878144acd3ec913ea76e516fa065403a0862eaaf3109099
- Size
  
  957KB
- MD5
  
  02f530b077b9c332ae9709a84df5a6a3
- SHA1
  
  6b81e2ea2b0f1606fcdaf98f77cb0df29da5f99b
- SHA256
  
  370f0b0f9b4f9959e878144acd3ec913ea76e516fa065403a0862eaaf3109099
- SHA512
  
  57ed7891f1d27568d43d4d9e011bdb479b055e974d16af25a7d4debb73cfd25ee0f52bf6869715139b507606926c4e458d07aa58fed296ab45871632ac596b59
- SSDEEP
  
  6144:A3i8X7pt4Oti0BWmKWIBtOcI9SSbA+cuXhlzo0naGDprKzbazJXddCP//QuhW:A3TdtLW5WIj1YSSdFxlPaGD2KvMwKW
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

© 2018-2025

Terms | Privacy