ramnit | 7bcf78a0c36d5179dabd907f395a7b2ce9d2e4edae9a31963db2804ba7c54f5c | Triage

Submit
Reports

Overview

overview

Static

static

3

667fd5971b...cs.dll

windows7-x64

667fd5971b...cs.dll

windows10-2004-x64

Sharing

General

Target

667fd5971b9ef1c82d8b8bfd41acdb00_NeikiAnalytics.exe
Size

193KB
Sample

240526-e5ekpsfa5y
MD5

667fd5971b9ef1c82d8b8bfd41acdb00
SHA1

bde7fd3cb2f21956ce94704909012b88ec65192d
SHA256

7bcf78a0c36d5179dabd907f395a7b2ce9d2e4edae9a31963db2804ba7c54f5c
SHA512

d4edd5cb34dbd40d1282d7d06aef15026c9c40a7fad3f168d1371b6be6628cf77d5f61f3aaf890de0ad18577bde6fad0e2e24685f8c8bb533bf368b4040f9b16
SSDEEP

3072:kMr6N9WfdNAbxBU8jmXrJnEZ4y3wBDkoMxGW:kMqWfdNANbonKaBDYr

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

667fd5971b9ef1c82d8b8bfd41acdb00_NeikiAnalytics.dll

Resource

win7-20240215-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

667fd5971b9ef1c82d8b8bfd41acdb00_NeikiAnalytics.dll

Resource

win10v2004-20240508-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  667fd5971b9ef1c82d8b8bfd41acdb00_NeikiAnalytics.exe
- Size
  
  193KB
- MD5
  
  667fd5971b9ef1c82d8b8bfd41acdb00
- SHA1
  
  bde7fd3cb2f21956ce94704909012b88ec65192d
- SHA256
  
  7bcf78a0c36d5179dabd907f395a7b2ce9d2e4edae9a31963db2804ba7c54f5c
- SHA512
  
  d4edd5cb34dbd40d1282d7d06aef15026c9c40a7fad3f168d1371b6be6628cf77d5f61f3aaf890de0ad18577bde6fad0e2e24685f8c8bb533bf368b4040f9b16
- SSDEEP
  
  3072:kMr6N9WfdNAbxBU8jmXrJnEZ4y3wBDkoMxGW:kMqWfdNANbonKaBDYr
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy