ramnit | 0ba75fc2fe07c95f8a3ba6ac4c2ef6eff13b328fc90675712d11aadc02ba0a74 | Triage

Submit
Reports

Overview

overview

Static

static

0ba75fc2fe...74.dll

windows7-x64

0ba75fc2fe...74.dll

windows10-2004-x64

8

Sharing

General

Target

0ba75fc2fe07c95f8a3ba6ac4c2ef6eff13b328fc90675712d11aadc02ba0a74
Size

180KB
Sample

221204-c1kj2shg55
MD5

2c48e3c1d0ef419399c5fdcc203b5be0
SHA1

83946effc3c94a7ed934ac5342701f386f575e3f
SHA256

0ba75fc2fe07c95f8a3ba6ac4c2ef6eff13b328fc90675712d11aadc02ba0a74
SHA512

e0534d556169be6910210ef2616a0caf05a78c5fc41e9dc76d32d00a6daf4af1a69f148dadfb6c5a496a7188383b3c8c239bf0e5e03ac0f8d735cb4ae826262a
SSDEEP

3072:Rn4cV8gf2u41Z5tKlLMNaBaTvxpIpOPgEm0:F4y8gOl2XBspGpmHm

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

0ba75fc2fe07c95f8a3ba6ac4c2ef6eff13b328fc90675712d11aadc02ba0a74.dll

Resource

win7-20220901-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

0ba75fc2fe07c95f8a3ba6ac4c2ef6eff13b328fc90675712d11aadc02ba0a74.dll

Resource

win10v2004-20221111-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  0ba75fc2fe07c95f8a3ba6ac4c2ef6eff13b328fc90675712d11aadc02ba0a74
- Size
  
  180KB
- MD5
  
  2c48e3c1d0ef419399c5fdcc203b5be0
- SHA1
  
  83946effc3c94a7ed934ac5342701f386f575e3f
- SHA256
  
  0ba75fc2fe07c95f8a3ba6ac4c2ef6eff13b328fc90675712d11aadc02ba0a74
- SHA512
  
  e0534d556169be6910210ef2616a0caf05a78c5fc41e9dc76d32d00a6daf4af1a69f148dadfb6c5a496a7188383b3c8c239bf0e5e03ac0f8d735cb4ae826262a
- SSDEEP
  
  3072:Rn4cV8gf2u41Z5tKlLMNaBaTvxpIpOPgEm0:F4y8gOl2XBspGpmHm
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

© 2018-2025

Terms | Privacy