ramnit | a95bd73e6a5d85b0917df4e6ce4c407c6a9b677e9d3da2a998b0de804e91c2c8 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

a95bd73e6a...c8.dll

windows7-x64

a95bd73e6a...c8.dll

windows10-2004-x64

8

Sharing

General

Target

a95bd73e6a5d85b0917df4e6ce4c407c6a9b677e9d3da2a998b0de804e91c2c8
Size

180KB
Sample

221204-cfrsmagb82
MD5

f9a0fd9594d9b8573c53772bc15d11e0
SHA1

492c0faad24bcd6ca6a362edd2f21f624d1645bd
SHA256

a95bd73e6a5d85b0917df4e6ce4c407c6a9b677e9d3da2a998b0de804e91c2c8
SHA512

4e4a1a064c5518005647891576af1564db473f6d6b7335fcb5386dcb6bc581eadfd0a300129fbb545bbf2f5ed31cfcfd9e42c88b5b8f532b9197b297d3e75d3f
SSDEEP

3072:en4cV8gf2u41Z5tKlH7CzACLtRk3OwquXvz7+IGqEJuj:M4y8gOl2xMA2X5uX7VGjJuj

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

a95bd73e6a5d85b0917df4e6ce4c407c6a9b677e9d3da2a998b0de804e91c2c8.dll

Resource

win7-20221111-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

a95bd73e6a5d85b0917df4e6ce4c407c6a9b677e9d3da2a998b0de804e91c2c8.dll

Resource

win10v2004-20220812-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  a95bd73e6a5d85b0917df4e6ce4c407c6a9b677e9d3da2a998b0de804e91c2c8
- Size
  
  180KB
- MD5
  
  f9a0fd9594d9b8573c53772bc15d11e0
- SHA1
  
  492c0faad24bcd6ca6a362edd2f21f624d1645bd
- SHA256
  
  a95bd73e6a5d85b0917df4e6ce4c407c6a9b677e9d3da2a998b0de804e91c2c8
- SHA512
  
  4e4a1a064c5518005647891576af1564db473f6d6b7335fcb5386dcb6bc581eadfd0a300129fbb545bbf2f5ed31cfcfd9e42c88b5b8f532b9197b297d3e75d3f
- SSDEEP
  
  3072:en4cV8gf2u41Z5tKlH7CzACLtRk3OwquXvz7+IGqEJuj:M4y8gOl2xMA2X5uX7VGjJuj
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

© 2018-2025

Terms | Privacy