ramnit | 431d587a9daa3cadc68140b06600a4875854bfcaaf60a4c268e48e406e7c2c92 | Triage

Submit
Reports

Overview

overview

Static

static

431d587a9d...92.dll

windows7-x64

8

431d587a9d...92.dll

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

431d587a9daa3cadc68140b06600a4875854bfcaaf60a4c268e48e406e7c2c92
Size

416KB
Sample

221205-qx977ahg2t
MD5

5adce2ddaba8eddeae1c5e76bc474cda
SHA1

3811acce6e4597422c386e957c4d90dae11fcc6a
SHA256

431d587a9daa3cadc68140b06600a4875854bfcaaf60a4c268e48e406e7c2c92
SHA512

ad020dd663d53ccf688a58dd25659d18b31a552c23327959ff8d0088acc1306199378e50b562ee9e9ac0f4f64baf3e072a1cf1ce615f958833e97718da7f1362
SSDEEP

12288:NeUWe6P/qH9ioFOt4hmUS8QGz5jUyyaj40:NeUO/qXIt1FGz9UPU

Score

10^/10

ramnit sality backdoor banker evasion spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

431d587a9daa3cadc68140b06600a4875854bfcaaf60a4c268e48e406e7c2c92.dll

Resource

win7-20220901-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

431d587a9daa3cadc68140b06600a4875854bfcaaf60a4c268e48e406e7c2c92.dll

Resource

win10v2004-20221111-en

ramnit sality backdoor banker evasion spyware stealer trojan upx worm

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  431d587a9daa3cadc68140b06600a4875854bfcaaf60a4c268e48e406e7c2c92
- Size
  
  416KB
- MD5
  
  5adce2ddaba8eddeae1c5e76bc474cda
- SHA1
  
  3811acce6e4597422c386e957c4d90dae11fcc6a
- SHA256
  
  431d587a9daa3cadc68140b06600a4875854bfcaaf60a4c268e48e406e7c2c92
- SHA512
  
  ad020dd663d53ccf688a58dd25659d18b31a552c23327959ff8d0088acc1306199378e50b562ee9e9ac0f4f64baf3e072a1cf1ce615f958833e97718da7f1362
- SSDEEP
  
  12288:NeUWe6P/qH9ioFOt4hmUS8QGz5jUyyaj40:NeUO/qXIt1FGz9UPU
Score

10^/10

ramnit sality backdoor banker evasion spyware stealer trojan upx worm
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

ramnitsalitybackdoorbankerevasionspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy