ramnit | 6c4d1e32647f1d4d0278ceb4ab0c9a3096e1266bd709bd97bcbb3ae836e3bdd1 | Triage

Submit
Reports

Overview

overview

Static

static

3

6c4d1e3264...d1.exe

windows7-x64

6c4d1e3264...d1.exe

windows10-2004-x64

7

Sharing

General

Target

6c4d1e32647f1d4d0278ceb4ab0c9a3096e1266bd709bd97bcbb3ae836e3bdd1
Size

780KB
Sample

240425-e1s8asfb85
MD5

35e232756bc4d30fd77cab54e27ab8c2
SHA1

55d49ace6a2e6bcb41d68b8030e26fa9673e54d5
SHA256

6c4d1e32647f1d4d0278ceb4ab0c9a3096e1266bd709bd97bcbb3ae836e3bdd1
SHA512

965b51aa1dcaac9aa75ced89419a79d47495d285d5561df4d6605e81cbe410086beff91aee94116428e4eb4f42fad2608c101987e2a3f8e426efdbbb348f8c88
SSDEEP

12288:MOqhqlAEH2QBblNWl5VaFgt6O+q90kdX7ThOH:1qwlAEWQJ3I52g6lq9DdX71OH

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6c4d1e32647f1d4d0278ceb4ab0c9a3096e1266bd709bd97bcbb3ae836e3bdd1.exe

Resource

win7-20240220-en

ramnit banker spyware stealer trojan upx worm

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

6c4d1e32647f1d4d0278ceb4ab0c9a3096e1266bd709bd97bcbb3ae836e3bdd1.exe

Resource

win10v2004-20240412-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  6c4d1e32647f1d4d0278ceb4ab0c9a3096e1266bd709bd97bcbb3ae836e3bdd1
- Size
  
  780KB
- MD5
  
  35e232756bc4d30fd77cab54e27ab8c2
- SHA1
  
  55d49ace6a2e6bcb41d68b8030e26fa9673e54d5
- SHA256
  
  6c4d1e32647f1d4d0278ceb4ab0c9a3096e1266bd709bd97bcbb3ae836e3bdd1
- SHA512
  
  965b51aa1dcaac9aa75ced89419a79d47495d285d5561df4d6605e81cbe410086beff91aee94116428e4eb4f42fad2608c101987e2a3f8e426efdbbb348f8c88
- SSDEEP
  
  12288:MOqhqlAEH2QBblNWl5VaFgt6O+q90kdX7ThOH:1qwlAEWQJ3I52g6lq9DdX71OH
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

© 2018-2024

Terms | Privacy