ramnit | e70211045ee34fd4a61c11774175ee3ac966afd8586dd60c6763548ad95f35dc | Triage

Submit
Reports

Overview

overview

Static

static

3

e70211045e...dc.dll

windows7-x64

e70211045e...dc.dll

windows10-2004-x64

Sharing

General

Target

e70211045ee34fd4a61c11774175ee3ac966afd8586dd60c6763548ad95f35dc
Size

276KB
Sample

240418-ecp6qsbd8y
MD5

a71724f88472ab5aece836094e3d3499
SHA1

ad24a717035aa70aa25f337384199ad4a95505ed
SHA256

e70211045ee34fd4a61c11774175ee3ac966afd8586dd60c6763548ad95f35dc
SHA512

95fc7476858607c343018e6b59962a66cb56194dc0d8589d4f93ea88a30943d39952d99a50b0a15882940194052efa7c87a007eaf2ba282b220e958d88042a55
SSDEEP

6144:frQuoca4u8i09CXwbkcijm5IZJlN4mQN:Mvoi09CkElN4mQ

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e70211045ee34fd4a61c11774175ee3ac966afd8586dd60c6763548ad95f35dc.dll

Resource

win7-20240221-en

ramnit banker spyware stealer trojan upx worm

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

e70211045ee34fd4a61c11774175ee3ac966afd8586dd60c6763548ad95f35dc.dll

Resource

win10v2004-20240412-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  e70211045ee34fd4a61c11774175ee3ac966afd8586dd60c6763548ad95f35dc
- Size
  
  276KB
- MD5
  
  a71724f88472ab5aece836094e3d3499
- SHA1
  
  ad24a717035aa70aa25f337384199ad4a95505ed
- SHA256
  
  e70211045ee34fd4a61c11774175ee3ac966afd8586dd60c6763548ad95f35dc
- SHA512
  
  95fc7476858607c343018e6b59962a66cb56194dc0d8589d4f93ea88a30943d39952d99a50b0a15882940194052efa7c87a007eaf2ba282b220e958d88042a55
- SSDEEP
  
  6144:frQuoca4u8i09CXwbkcijm5IZJlN4mQN:Mvoi09CkElN4mQ
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy