ramnit | 25219ad407cb26ac174799adaf6ffb23b3697c3376aa8e072b0271d5b0ab5ce5 | Triage

Submit
Reports

Overview

overview

Static

static

25219ad407...e5.dll

windows7-x64

25219ad407...e5.dll

windows10-2004-x64

Sharing

General

Target

25219ad407cb26ac174799adaf6ffb23b3697c3376aa8e072b0271d5b0ab5ce5
Size

279KB
Sample

221205-qzc1gahg7y
MD5

69fb1b89d99533adf5313be733e69cb0
SHA1

0a4311679e277ca491192dc97caf1631b9742618
SHA256

25219ad407cb26ac174799adaf6ffb23b3697c3376aa8e072b0271d5b0ab5ce5
SHA512

ca4d1e7e35187d4cba6bda66cba72bb524dbf225e901dbcdd20833da96d2248c2bca4379d1ea4f87263e4b992951c2b1c31a6b7730854392a94f276828722161
SSDEEP

6144:ArkYHjIWeWcd71bynCoYh6ULa7U6+VSiJ:BYHjIWPo71boYs7w6GS6

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

25219ad407cb26ac174799adaf6ffb23b3697c3376aa8e072b0271d5b0ab5ce5.dll

Resource

win7-20221111-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

25219ad407cb26ac174799adaf6ffb23b3697c3376aa8e072b0271d5b0ab5ce5.dll

Resource

win10v2004-20220901-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  25219ad407cb26ac174799adaf6ffb23b3697c3376aa8e072b0271d5b0ab5ce5
- Size
  
  279KB
- MD5
  
  69fb1b89d99533adf5313be733e69cb0
- SHA1
  
  0a4311679e277ca491192dc97caf1631b9742618
- SHA256
  
  25219ad407cb26ac174799adaf6ffb23b3697c3376aa8e072b0271d5b0ab5ce5
- SHA512
  
  ca4d1e7e35187d4cba6bda66cba72bb524dbf225e901dbcdd20833da96d2248c2bca4379d1ea4f87263e4b992951c2b1c31a6b7730854392a94f276828722161
- SSDEEP
  
  6144:ArkYHjIWeWcd71bynCoYh6ULa7U6+VSiJ:BYHjIWPo71boYs7w6GS6
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy