ramnit | 5d116b5a00cd979a0c82bb49cf665025b87f0bc9f79eeb245b9bea1b34a29e84 | Triage

Submit
Reports

Overview

overview

Static

static

5d116b5a00...84.dll

windows7-x64

5d116b5a00...84.dll

windows10-2004-x64

Sharing

General

Target

5d116b5a00cd979a0c82bb49cf665025b87f0bc9f79eeb245b9bea1b34a29e84
Size

500KB
Sample

221204-crmcaach2s
MD5

b1ce222e4fbd2b1f60ff4c6d96144c00
SHA1

cff3c1bbcc6a66d75954419ec66db28e237b3248
SHA256

5d116b5a00cd979a0c82bb49cf665025b87f0bc9f79eeb245b9bea1b34a29e84
SHA512

2b6b4633ecec4f3e6c9dfd986c347fe586c5167d66d1dfa3fc687df4b803eaff4cc287bbccd7e0869e539286763c70101a968d7fbe5493a45c0164956fa6a9ca
SSDEEP

12288:Gh8fZLyb9PzVMBC/HVMOp4PkxHLCYwZckMQMNb4o+33:G8F+Pzr/Hfp4MIYwZckMQm0oM

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

5d116b5a00cd979a0c82bb49cf665025b87f0bc9f79eeb245b9bea1b34a29e84.dll

Resource

win7-20220812-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

5d116b5a00cd979a0c82bb49cf665025b87f0bc9f79eeb245b9bea1b34a29e84.dll

Resource

win10v2004-20220812-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  5d116b5a00cd979a0c82bb49cf665025b87f0bc9f79eeb245b9bea1b34a29e84
- Size
  
  500KB
- MD5
  
  b1ce222e4fbd2b1f60ff4c6d96144c00
- SHA1
  
  cff3c1bbcc6a66d75954419ec66db28e237b3248
- SHA256
  
  5d116b5a00cd979a0c82bb49cf665025b87f0bc9f79eeb245b9bea1b34a29e84
- SHA512
  
  2b6b4633ecec4f3e6c9dfd986c347fe586c5167d66d1dfa3fc687df4b803eaff4cc287bbccd7e0869e539286763c70101a968d7fbe5493a45c0164956fa6a9ca
- SSDEEP
  
  12288:Gh8fZLyb9PzVMBC/HVMOp4PkxHLCYwZckMQMNb4o+33:G8F+Pzr/Hfp4MIYwZckMQm0oM
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy