ramnit | ce5804c5e440f29d931c8ced3179cef7cc9968d08651c2017bf8231915b346e0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

40f21e936dcec005add8f1aaa4d332fa
Size

240KB
Sample

240104-qdxsrabda9
MD5

40f21e936dcec005add8f1aaa4d332fa
SHA1

2bd98cb50305ce58d2a397e8890fd2fc8d9f0a5c
SHA256

ce5804c5e440f29d931c8ced3179cef7cc9968d08651c2017bf8231915b346e0
SHA512

22acf04458c7c6771857e6737ecd07a74881bfb92494f129f7b22c53ed8db8c4f817ec1a03c78635866767a7e26b91095f4b15f721f4f5015f0d3c66dafb701d
SSDEEP

3072:8RRSuEEFOZuswPjCEHpu35Vk6HSngNrlpjWHg40bfeNXDxkXFIyqQ4ZSA2Z81:cRSXEFx5Hw3FL7RagXORQ+V

Score

10^/10

ramnit banker evasion persistence spyware stealer trojan upx worm

Malware Config

Targets

- Target
  
  40f21e936dcec005add8f1aaa4d332fa
- Size
  
  240KB
- MD5
  
  40f21e936dcec005add8f1aaa4d332fa
- SHA1
  
  2bd98cb50305ce58d2a397e8890fd2fc8d9f0a5c
- SHA256
  
  ce5804c5e440f29d931c8ced3179cef7cc9968d08651c2017bf8231915b346e0
- SHA512
  
  22acf04458c7c6771857e6737ecd07a74881bfb92494f129f7b22c53ed8db8c4f817ec1a03c78635866767a7e26b91095f4b15f721f4f5015f0d3c66dafb701d
- SSDEEP
  
  3072:8RRSuEEFOZuswPjCEHpu35Vk6HSngNrlpjWHg40bfeNXDxkXFIyqQ4ZSA2Z81:cRSXEFx5Hw3FL7RagXORQ+V
Score

10^/10

ramnit banker evasion persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- UAC bypass
  evasion trojan
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerevasionpersistencespywarestealertrojanupxworm

behavioral2