ramnit | 53259b37c3a8c0491cf484b4fc86116052937b2bbec39d9673e46b7f7ca701db | Triage

Sharing

General

Target

53259b37c3a8c0491cf484b4fc86116052937b2bbec39d9673e46b7f7ca701db
Size

122KB
Sample

230130-ahc15saf24
MD5

239ae44b1addd26c7a19e1abe92d9000
SHA1

b322da76f51ec9ce0c806ac0e43a9475e92e29ff
SHA256

53259b37c3a8c0491cf484b4fc86116052937b2bbec39d9673e46b7f7ca701db
SHA512

7bb6917aff1c4cef02b991d6c8b9c825c720f43c6d1872e51cb896f185b55368ade37f64448059456e58389db00ca9b2a27be4e649957dfa9258aa94f1a37ff0
SSDEEP

3072:8huoIU9PWr3pEnmGVk8jwaaHw7Koj4rDkISg2z:88jU9PWOOx7E

Score

10^/10

ramnit banker evasion persistence spyware stealer trojan worm

Malware Config

Targets

- Target
  
  53259b37c3a8c0491cf484b4fc86116052937b2bbec39d9673e46b7f7ca701db
- Size
  
  122KB
- MD5
  
  239ae44b1addd26c7a19e1abe92d9000
- SHA1
  
  b322da76f51ec9ce0c806ac0e43a9475e92e29ff
- SHA256
  
  53259b37c3a8c0491cf484b4fc86116052937b2bbec39d9673e46b7f7ca701db
- SHA512
  
  7bb6917aff1c4cef02b991d6c8b9c825c720f43c6d1872e51cb896f185b55368ade37f64448059456e58389db00ca9b2a27be4e649957dfa9258aa94f1a37ff0
- SSDEEP
  
  3072:8huoIU9PWr3pEnmGVk8jwaaHw7Koj4rDkISg2z:88jU9PWOOx7E
Score

10^/10

ramnit banker evasion persistence spyware stealer trojan worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ramnitbankerevasionpersistencespywarestealertrojanworm

behavioral2