ramnit | db5d969ed82a8f31442e9e80fbe8f3bb931b9aea5d130a7347b1e7fd3aabb1dd | Triage

Submit
Reports

Overview

overview

Static

static

7

3885947f92...1f.exe

windows7-x64

3885947f92...1f.exe

windows10-2004-x64

Sharing

General

Target

3885947f92e29efda5b99462e34730a916d302802bb74916651d4b41753d621f.zip
Size

2.2MB
Sample

230306-nqplssbd8w
MD5

f33684f7e00199a8864b65776a5df500
SHA1

ff53955371c6e36bf69988befafbefefa9e0cb37
SHA256

db5d969ed82a8f31442e9e80fbe8f3bb931b9aea5d130a7347b1e7fd3aabb1dd
SHA512

f868f49b8371e7c9d59e67b8323513abe93a3b2c1510c5f9636e9c01933d32d040056a6a15467c5122ddb25b4b8211e1878210b2aaf4251d18807e997f02bfa0
SSDEEP

49152:1w6bd8HQCMQfecMYBIjwuPKIX3nMI/vMunZmWJUNoqthBNCLv+:172QLQ27YBIjpCPUv7nQJthBNE+

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3885947f92e29efda5b99462e34730a916d302802bb74916651d4b41753d621f.exe

Resource

win7-20230220-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

3885947f92e29efda5b99462e34730a916d302802bb74916651d4b41753d621f.exe

Resource

win10v2004-20230220-en

ramnit banker persistence spyware stealer trojan upx worm

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  3885947f92e29efda5b99462e34730a916d302802bb74916651d4b41753d621f
- Size
  
  2.2MB
- MD5
  
  04ff9ea0b63fd3626e382d21aca0e443
- SHA1
  
  7a28e3a62ee8e8d613d4adacc237c6f03f5ca6c4
- SHA256
  
  3885947f92e29efda5b99462e34730a916d302802bb74916651d4b41753d621f
- SHA512
  
  d1b73cfb58fc893a990e18df039ec930654bccdd8fbbc8fb9efc99fb913a25a3fe9751adc864f94fb954f940d742defa00fe9201ee35fd5097a38e80f5b65658
- SSDEEP
  
  49152:bf4JYjtvbdDUDYTSN4x1PjcvJ5dfSObPXAbVoE56ijSb:UI5wDYy4f7wdLbQVoEc7b
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Registers COM server for autorun
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerpersistencespywarestealertrojanupxworm

© 2018-2024

Terms | Privacy