ramnit | c9907e55f0d5592ff335d35708baeb186e11300df90aa3aef1a142344ecc493f | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

Backdoor.W...te.exe

windows7-x64

Backdoor.W...te.exe

windows10-2004-x64

Sharing

General

Target

Backdoor.Win32.IRCNite.jbc-c9907e55f0d5592ff335d35708baeb186e11300df90aa3aef1a142344ecc493f
Size

159KB
Sample

230425-v1azqabg76
MD5

709286f2947b18adb809110084227eea
SHA1

2e17106d559df79268d4a8b65b3edf2becc01daa
SHA256

c9907e55f0d5592ff335d35708baeb186e11300df90aa3aef1a142344ecc493f
SHA512

3449920ebde4a20fe51cfe3dadda41c9ca220dc4d0eb2d782e13be074378c3f4653be8fa0492f50e8487756cb4d8ee003998f1bcc302cb54063f312a764dc6fa
SSDEEP

3072:f2gWOEjo6pqMLvJkSo1KArzoHHAgzzInpD:OgXM9UKGzYHAKO

Score

10^/10

ramnit banker evasion persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Backdoor.Win32.IRCNite.exe

Resource

win7-20230220-en

ramnit banker evasion persistence spyware stealer trojan upx worm

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

Backdoor.Win32.IRCNite.exe

Resource

win10v2004-20230220-en

ramnit banker evasion persistence spyware stealer trojan upx worm

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  Backdoor.Win32.IRCNite.jbc-c9907e55f0d5592ff335d35708baeb186e11300df90aa3aef1a142344ecc493f
- Size
  
  159KB
- MD5
  
  709286f2947b18adb809110084227eea
- SHA1
  
  2e17106d559df79268d4a8b65b3edf2becc01daa
- SHA256
  
  c9907e55f0d5592ff335d35708baeb186e11300df90aa3aef1a142344ecc493f
- SHA512
  
  3449920ebde4a20fe51cfe3dadda41c9ca220dc4d0eb2d782e13be074378c3f4653be8fa0492f50e8487756cb4d8ee003998f1bcc302cb54063f312a764dc6fa
- SSDEEP
  
  3072:f2gWOEjo6pqMLvJkSo1KArzoHHAgzzInpD:OgXM9UKGzYHAKO
Score

10^/10

ramnit banker evasion persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Drops startup file
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerevasionpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerevasionpersistencespywarestealertrojanupxworm

© 2018-2025

Terms | Privacy