ramnit | 8cf83656b818b4a1be3b4bbecca2a741119ece876c62794eb151c9765f1f86df | Triage

Submit
Reports

Overview

overview

Static

static

8cf83656b8...df.dll

windows7-x64

8cf83656b8...df.dll

windows10-2004-x64

Sharing

General

Target

8cf83656b818b4a1be3b4bbecca2a741119ece876c62794eb151c9765f1f86df
Size

650KB
Sample

221204-cj55esge39
MD5

bc2471fca8a36c0f9800a8aa46a47580
SHA1

abf952c3820b6046807924d8269ec4e83e210b8a
SHA256

8cf83656b818b4a1be3b4bbecca2a741119ece876c62794eb151c9765f1f86df
SHA512

4349fa4d5e027872b6d11d3ea32feb236ffc6fddd8f9c9ac36111304340ce812bf16e4089f092f5d93e4c2f77d1260cc7ea592ff419916530e819f69bbfa9b70
SSDEEP

12288:INIyZN4+Wv4PLq6Okrh9ZN/hs9DsdKeg0:I9TPmirh9Zdh61v0

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

8cf83656b818b4a1be3b4bbecca2a741119ece876c62794eb151c9765f1f86df.dll

Resource

win7-20220901-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

8cf83656b818b4a1be3b4bbecca2a741119ece876c62794eb151c9765f1f86df.dll

Resource

win10v2004-20220901-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  8cf83656b818b4a1be3b4bbecca2a741119ece876c62794eb151c9765f1f86df
- Size
  
  650KB
- MD5
  
  bc2471fca8a36c0f9800a8aa46a47580
- SHA1
  
  abf952c3820b6046807924d8269ec4e83e210b8a
- SHA256
  
  8cf83656b818b4a1be3b4bbecca2a741119ece876c62794eb151c9765f1f86df
- SHA512
  
  4349fa4d5e027872b6d11d3ea32feb236ffc6fddd8f9c9ac36111304340ce812bf16e4089f092f5d93e4c2f77d1260cc7ea592ff419916530e819f69bbfa9b70
- SSDEEP
  
  12288:INIyZN4+Wv4PLq6Okrh9ZN/hs9DsdKeg0:I9TPmirh9Zdh61v0
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy