ramnit | ea863772564cbd1fb0bc7778d34f70b7a7755ccce0606b96e01dc4a8fc80b3ee | Triage

Sharing

General

Target

b8fef5b21e28029c9237233efc68fc6f
Size

100KB
Sample

240307-r7ve6aeg3z
MD5

b8fef5b21e28029c9237233efc68fc6f
SHA1

8dd54f6e717991f3daba459eb700661f6bbf131e
SHA256

ea863772564cbd1fb0bc7778d34f70b7a7755ccce0606b96e01dc4a8fc80b3ee
SHA512

c5aa9c9c8fb70bc3368ec75dc4b22254ca8c6eca880eabedf0c9d5610d3f57728beb79658ac10d995e639dc196f57f460c7361850b51e6a9be4045b2edd1f949
SSDEEP

3072:OyfGVaHHHlu8qq2WbGaP0YKjnGVk8jwaaHw7Koj4rDMwl:Oj4HUv0vcZBD

Score

10^/10

ramnit banker evasion persistence spyware stealer trojan worm

Malware Config

Targets

- Target
  
  b8fef5b21e28029c9237233efc68fc6f
- Size
  
  100KB
- MD5
  
  b8fef5b21e28029c9237233efc68fc6f
- SHA1
  
  8dd54f6e717991f3daba459eb700661f6bbf131e
- SHA256
  
  ea863772564cbd1fb0bc7778d34f70b7a7755ccce0606b96e01dc4a8fc80b3ee
- SHA512
  
  c5aa9c9c8fb70bc3368ec75dc4b22254ca8c6eca880eabedf0c9d5610d3f57728beb79658ac10d995e639dc196f57f460c7361850b51e6a9be4045b2edd1f949
- SSDEEP
  
  3072:OyfGVaHHHlu8qq2WbGaP0YKjnGVk8jwaaHw7Koj4rDMwl:Oj4HUv0vcZBD
Score

10^/10

ramnit banker evasion persistence spyware stealer trojan worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- UAC bypass
  evasion trojan
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Modify Registry

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ramnitbankerevasionpersistencespywarestealertrojanworm

behavioral2

ramnitbankerspywarestealertrojanworm