ramnit | b5ba3b909b6349674d39bdb5c4b0ca289767ff59de02cfe6a9eee0a59445fc58 | Triage

Sharing

General

Target

b5ba3b909b6349674d39bdb5c4b0ca289767ff59de02cfe6a9eee0a59445fc58
Size

5.8MB
Sample

240424-kmbc8agb54
MD5

5e79f5e3aa958cc74889bf7bb797516b
SHA1

4ec8da4bfff5ab6557d155782799221880a37b9e
SHA256

b5ba3b909b6349674d39bdb5c4b0ca289767ff59de02cfe6a9eee0a59445fc58
SHA512

c56daf64d999b86f4bead6f368dce78d58ccc4f5ee8cf72d19ea2133583079783c5fac5b222c56c03481e4e3ac1e466887a8766abeb3fbbc7f6d6847008b75cb
SSDEEP

98304:xupzPIBhNeFTIPU7VtieVoMKm70TtsS1AO:0liNEIm4eKMKm70B

Score

10^/10

ramnit banker evasion persistence spyware stealer trojan upx worm

Malware Config

Targets

- Target
  
  b5ba3b909b6349674d39bdb5c4b0ca289767ff59de02cfe6a9eee0a59445fc58
- Size
  
  5.8MB
- MD5
  
  5e79f5e3aa958cc74889bf7bb797516b
- SHA1
  
  4ec8da4bfff5ab6557d155782799221880a37b9e
- SHA256
  
  b5ba3b909b6349674d39bdb5c4b0ca289767ff59de02cfe6a9eee0a59445fc58
- SHA512
  
  c56daf64d999b86f4bead6f368dce78d58ccc4f5ee8cf72d19ea2133583079783c5fac5b222c56c03481e4e3ac1e466887a8766abeb3fbbc7f6d6847008b75cb
- SSDEEP
  
  98304:xupzPIBhNeFTIPU7VtieVoMKm70TtsS1AO:0liNEIm4eKMKm70B
Score

10^/10

ramnit banker evasion persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Modify Registry

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ramnitbankerevasionpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerevasionpersistencespywarestealertrojanupxworm