ramnit | c39a02d65e046ab3f46ee1f2315e17b8bf3b748af294d68d0d1a7d8c2f3252d8 | Triage

Submit
Reports

Overview

overview

Static

static

3

c39a02d65e...d8.dll

windows7-x64

c39a02d65e...d8.dll

windows10-2004-x64

Sharing

General

Target

c39a02d65e046ab3f46ee1f2315e17b8bf3b748af294d68d0d1a7d8c2f3252d8
Size

157KB
Sample

240526-c622aaca6s
MD5

5d5bed54a20709d639a8cccb47b87c47
SHA1

e98c5f4d7139731abf1ec3ad305c991af6eebb15
SHA256

c39a02d65e046ab3f46ee1f2315e17b8bf3b748af294d68d0d1a7d8c2f3252d8
SHA512

7193a0ec1bfa0f6f1d72fd57a2be46cb6d2e14aacce1e45c6069bacb82ef5ed8d385acd63f48ff08179dacca6a6a8cd96cb1e67a2e4153dbaf6b059099dcccd6
SSDEEP

3072:IMr6N9WfdNAbxBk69VyZhDsHYZ3rDINcQR0n6ecZdGU1QLaLNmYqhPzxm1p:IMqWfdNANG6yEYZ7DVQgsQLPzo1p

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c39a02d65e046ab3f46ee1f2315e17b8bf3b748af294d68d0d1a7d8c2f3252d8.dll

Resource

win7-20240508-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

c39a02d65e046ab3f46ee1f2315e17b8bf3b748af294d68d0d1a7d8c2f3252d8.dll

Resource

win10v2004-20240508-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  c39a02d65e046ab3f46ee1f2315e17b8bf3b748af294d68d0d1a7d8c2f3252d8
- Size
  
  157KB
- MD5
  
  5d5bed54a20709d639a8cccb47b87c47
- SHA1
  
  e98c5f4d7139731abf1ec3ad305c991af6eebb15
- SHA256
  
  c39a02d65e046ab3f46ee1f2315e17b8bf3b748af294d68d0d1a7d8c2f3252d8
- SHA512
  
  7193a0ec1bfa0f6f1d72fd57a2be46cb6d2e14aacce1e45c6069bacb82ef5ed8d385acd63f48ff08179dacca6a6a8cd96cb1e67a2e4153dbaf6b059099dcccd6
- SSDEEP
  
  3072:IMr6N9WfdNAbxBk69VyZhDsHYZ3rDINcQR0n6ecZdGU1QLaLNmYqhPzxm1p:IMqWfdNANG6yEYZ7DVQgsQLPzo1p
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy