ramnit | 3b47910e69e7050a8f0225fd3bdfc003802b392e12519f5f2413462e6481e47a | Triage

Sharing

General

Target

719be2a7e0f7dfd0aba67017ec2966cb
Size

220KB
Sample

231226-qjmvqshga8
MD5

719be2a7e0f7dfd0aba67017ec2966cb
SHA1

7f64efceb554aed2ddf665ebfca47eaa71ab3677
SHA256

3b47910e69e7050a8f0225fd3bdfc003802b392e12519f5f2413462e6481e47a
SHA512

ca95c58fc4d5aed75c1d6c6c95b799fde9c7665dcce3aab5c47971a53324977e0211206cd1f17659c4f5de3fda632dbacc0be62e5c79d8d4b384506856f4e143
SSDEEP

3072:GMsCUsER3Fx/asAm3jUWvUIYeMYqFquq8RnPZKlNkfKN5CS+t9CpZ+AS7P1ZBGjh:GMsCUpR35iLs8WD4HCGX7BGqy+lY

Score

10^/10

ramnit 26 ��1 banker persistence spyware stealer trojan worm

Malware Config

Extracted

Family

ramnit

Botnet

26

C2

��1:8001

Attributes

campaign_timestamp
1.505981184e+09
compile_timestamp
1.500910876e+09
dga_seed
7.90544302e+08
listen_port
0
num_dga_domains
40

xor.base64

rc4.plain

rsa_pubkey.base64

Extracted

Family

ramnit

Botnet

��1

C2

��1:8001

Attributes

campaign_timestamp
1.505981184e+09
compile_timestamp
1.500910876e+09
dga_seed
7.90544302e+08
listen_port
0
num_dga_domains
40

xor.base64

rc4.plain

rsa_pubkey.base64

Targets

- Target
  
  719be2a7e0f7dfd0aba67017ec2966cb
- Size
  
  220KB
- MD5
  
  719be2a7e0f7dfd0aba67017ec2966cb
- SHA1
  
  7f64efceb554aed2ddf665ebfca47eaa71ab3677
- SHA256
  
  3b47910e69e7050a8f0225fd3bdfc003802b392e12519f5f2413462e6481e47a
- SHA512
  
  ca95c58fc4d5aed75c1d6c6c95b799fde9c7665dcce3aab5c47971a53324977e0211206cd1f17659c4f5de3fda632dbacc0be62e5c79d8d4b384506856f4e143
- SSDEEP
  
  3072:GMsCUsER3Fx/asAm3jUWvUIYeMYqFquq8RnPZKlNkfKN5CS+t9CpZ+AS7P1ZBGjh:GMsCUpR35iLs8WD4HCGX7BGqy+lY
Score

10^/10

ramnit 26 ��1 banker persistence spyware stealer trojan worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ramnit26��1bankerpersistencespywarestealertrojanworm

behavioral2

ramnit26��1bankerpersistencespywarestealertrojanworm