ramnit | 26b3855f1adab3e35f4bc85783f996b0b2f2fc7e7b54763f861c500e1893eb9f | Triage

Submit
Reports

Overview

overview

Static

static

26b3855f1a...9f.dll

windows7-x64

26b3855f1a...9f.dll

windows10-2004-x64

8

Sharing

General

Target

26b3855f1adab3e35f4bc85783f996b0b2f2fc7e7b54763f861c500e1893eb9f
Size

180KB
Sample

221204-cx4thshe59
MD5

4ddedc258996c77de1b1e7252b4cb940
SHA1

dcbc41ff99fd929ba54b29fca95590201090a9da
SHA256

26b3855f1adab3e35f4bc85783f996b0b2f2fc7e7b54763f861c500e1893eb9f
SHA512

618e7c0b6f2752fb212c4c55097a1f28d67a87a6b531e0112f40d3a74be376366204220182df715ff76ebb0040e9dad77b832526bb82bab26b245e848da23e29
SSDEEP

3072:pn4cV8gf2u41Z5tKlRStQUVvK4Thuq4f49K3D:94y8gOl2HcVA4T87B3D

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

26b3855f1adab3e35f4bc85783f996b0b2f2fc7e7b54763f861c500e1893eb9f.dll

Resource

win7-20220812-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

26b3855f1adab3e35f4bc85783f996b0b2f2fc7e7b54763f861c500e1893eb9f.dll

Resource

win10v2004-20220812-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  26b3855f1adab3e35f4bc85783f996b0b2f2fc7e7b54763f861c500e1893eb9f
- Size
  
  180KB
- MD5
  
  4ddedc258996c77de1b1e7252b4cb940
- SHA1
  
  dcbc41ff99fd929ba54b29fca95590201090a9da
- SHA256
  
  26b3855f1adab3e35f4bc85783f996b0b2f2fc7e7b54763f861c500e1893eb9f
- SHA512
  
  618e7c0b6f2752fb212c4c55097a1f28d67a87a6b531e0112f40d3a74be376366204220182df715ff76ebb0040e9dad77b832526bb82bab26b245e848da23e29
- SSDEEP
  
  3072:pn4cV8gf2u41Z5tKlRStQUVvK4Thuq4f49K3D:94y8gOl2HcVA4T87B3D
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

© 2018-2024

Terms | Privacy