ramnit | 4b33da871cd87e2d4c489f343b0e5641818b835a0ba238b7392461c0cf27daee | Triage

Submit
Reports

Overview

overview

Static

static

3

4b33da871c...ee.exe

windows7-x64

4b33da871c...ee.exe

windows10-2004-x64

7

Sharing

General

Target

4b33da871cd87e2d4c489f343b0e5641818b835a0ba238b7392461c0cf27daee
Size

10.3MB
Sample

240524-hern5agf45
MD5

e3abe904593a215b4dae43cdfd2b0d7e
SHA1

a24443eb26a99aed2cabb5285789dea8e51eb235
SHA256

4b33da871cd87e2d4c489f343b0e5641818b835a0ba238b7392461c0cf27daee
SHA512

0640b99cb3996685415fa5673ca087e32d598a8e66f0f87d84497e739730681e1a52811a8a72b7f98718ee55fbb72b2dd6c1b41dce5fb726f8ddd67d60dda617
SSDEEP

196608:46F/8qYqsBmiFm4CTqfG+vTiwnDmNQkJM8uDIYnKO37w7:TF/8qD4F3e+biSDcQwM8uDuN

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4b33da871cd87e2d4c489f343b0e5641818b835a0ba238b7392461c0cf27daee.exe

Resource

win7-20240221-en

ramnit banker spyware stealer trojan upx worm

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

4b33da871cd87e2d4c489f343b0e5641818b835a0ba238b7392461c0cf27daee.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  4b33da871cd87e2d4c489f343b0e5641818b835a0ba238b7392461c0cf27daee
- Size
  
  10.3MB
- MD5
  
  e3abe904593a215b4dae43cdfd2b0d7e
- SHA1
  
  a24443eb26a99aed2cabb5285789dea8e51eb235
- SHA256
  
  4b33da871cd87e2d4c489f343b0e5641818b835a0ba238b7392461c0cf27daee
- SHA512
  
  0640b99cb3996685415fa5673ca087e32d598a8e66f0f87d84497e739730681e1a52811a8a72b7f98718ee55fbb72b2dd6c1b41dce5fb726f8ddd67d60dda617
- SSDEEP
  
  196608:46F/8qYqsBmiFm4CTqfG+vTiwnDmNQkJM8uDIYnKO37w7:TF/8qD4F3e+biSDcQwM8uDuN
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

© 2018-2024

Terms | Privacy