ramnit | ca15fb12c921c8858dfdc700295aeb0e52e204a13f476c3c639d710a7faeee5e | Triage

Submit
Reports

Overview

overview

Static

static

3

ca15fb12c9...5e.dll

windows7-x64

ca15fb12c9...5e.dll

windows10-2004-x64

7

Sharing

General

Target

ca15fb12c921c8858dfdc700295aeb0e52e204a13f476c3c639d710a7faeee5e
Size

6.4MB
Sample

231203-ttfe7ada5z
MD5

ac5647237e9177cbc27c4e1835ab8764
SHA1

c5b032c227a36ff8c5951e970af1fe29e44c5b13
SHA256

ca15fb12c921c8858dfdc700295aeb0e52e204a13f476c3c639d710a7faeee5e
SHA512

a75a2b14ed741b2d8d93782a061ac32f3d6fcdc12b6b25d9600d37b36e43aa401fe64c6a5d9374212a16d2f01eff9338166f31c209224d72558661af152ad97a
SSDEEP

98304:8LqKz4UN6Pg3jUlBiaYC9+fw6iNTaR5rvXbwgfWISmnPKcraGvdhpWxn1:XpPwYlBjYC8w6kWrvLFx9PhvQ3

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ca15fb12c921c8858dfdc700295aeb0e52e204a13f476c3c639d710a7faeee5e.dll

Resource

win7-20231201-en

ramnit banker spyware stealer trojan upx worm

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

ca15fb12c921c8858dfdc700295aeb0e52e204a13f476c3c639d710a7faeee5e.dll

Resource

win10v2004-20231130-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  ca15fb12c921c8858dfdc700295aeb0e52e204a13f476c3c639d710a7faeee5e
- Size
  
  6.4MB
- MD5
  
  ac5647237e9177cbc27c4e1835ab8764
- SHA1
  
  c5b032c227a36ff8c5951e970af1fe29e44c5b13
- SHA256
  
  ca15fb12c921c8858dfdc700295aeb0e52e204a13f476c3c639d710a7faeee5e
- SHA512
  
  a75a2b14ed741b2d8d93782a061ac32f3d6fcdc12b6b25d9600d37b36e43aa401fe64c6a5d9374212a16d2f01eff9338166f31c209224d72558661af152ad97a
- SSDEEP
  
  98304:8LqKz4UN6Pg3jUlBiaYC9+fw6iNTaR5rvXbwgfWISmnPKcraGvdhpWxn1:XpPwYlBjYC8w6kWrvLFx9PhvQ3
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

© 2018-2024

Terms | Privacy