ramnit | d73379fab1de9711c9ddfeaeb92b2b9aeca4aefda67d950483bb6ec5ff00e446 | Triage

Submit
Reports

Overview

overview

Static

static

3

d7999a3e9a...00.dll

windows7-x64

d7999a3e9a...00.dll

windows10-2004-x64

Sharing

General

Target

d7999a3e9af0b9c230f38adebb5fc300.exe
Size

564KB
Sample

231206-zy79nahah2
MD5

d7999a3e9af0b9c230f38adebb5fc300
SHA1

6072f81e32d11f65a32b13540dbee2dd4e60a987
SHA256

d73379fab1de9711c9ddfeaeb92b2b9aeca4aefda67d950483bb6ec5ff00e446
SHA512

9e842a564d12df7915d62638f27a8619a549131a0a7990ec453de04762b559daec9e86427319d554168ae0075ef5a77795f41308dec727f7a136fdfef634e648
SSDEEP

12288:tehnaNPpSVZmNxRCwnwm3W3OHIIf5m9RhWFVJ:teh0PpS6NxNnwYeOHXAhWTJ

Score

10^/10

ramnit sality backdoor banker evasion persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d7999a3e9af0b9c230f38adebb5fc300.dll

Resource

win7-20231023-en

ramnit sality backdoor banker evasion persistence spyware stealer trojan upx worm

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

d7999a3e9af0b9c230f38adebb5fc300.dll

Resource

win10v2004-20231130-en

ramnit sality backdoor banker evasion spyware stealer trojan upx worm

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  d7999a3e9af0b9c230f38adebb5fc300.exe
- Size
  
  564KB
- MD5
  
  d7999a3e9af0b9c230f38adebb5fc300
- SHA1
  
  6072f81e32d11f65a32b13540dbee2dd4e60a987
- SHA256
  
  d73379fab1de9711c9ddfeaeb92b2b9aeca4aefda67d950483bb6ec5ff00e446
- SHA512
  
  9e842a564d12df7915d62638f27a8619a549131a0a7990ec453de04762b559daec9e86427319d554168ae0075ef5a77795f41308dec727f7a136fdfef634e648
- SSDEEP
  
  12288:tehnaNPpSVZmNxRCwnwm3W3OHIIf5m9RhWFVJ:teh0PpS6NxNnwYeOHXAhWTJ
Score

10^/10

ramnit sality backdoor banker evasion persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Modify Registry

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ramnitsalitybackdoorbankerevasionpersistencespywarestealertrojanupxworm

behavioral2

ramnitsalitybackdoorbankerevasionspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy