ramnit | 16014aab4365dd51c62c90d342bcec33bd05003ddc0265df344ef2a0c8da8557 | Triage

Submit
Reports

Overview

overview

Static

static

3

29c7cc4754...cs.dll

windows7-x64

29c7cc4754...cs.dll

windows10-2004-x64

Sharing

General

Target

29c7cc4754afdfee5a14fe2e1c029680_NeikiAnalytics.exe
Size

200KB
Sample

240528-a28l6aga8v
MD5

29c7cc4754afdfee5a14fe2e1c029680
SHA1

87e4951c35cdf446b9cc72061aab3f92608c0064
SHA256

16014aab4365dd51c62c90d342bcec33bd05003ddc0265df344ef2a0c8da8557
SHA512

cd814d7276f43834dac72a640209d41f0cbba22bd7b2f26ef4e7940a7adebfb2a46173303d957adf7f1c31b7c5a74ffbfa6d06dc7d3b7a7dbecb6d5fe6c3aef7
SSDEEP

6144:wMqWfdNANa/AjNggWEv9XCrrupJywxS9KLFJ5:vqWfdNA0/uNKmSmfx6KP5

Score

10^/10

ramnit sality backdoor banker evasion persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

29c7cc4754afdfee5a14fe2e1c029680_NeikiAnalytics.dll

Resource

win7-20240221-en

ramnit sality backdoor banker evasion persistence spyware stealer trojan upx worm

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

29c7cc4754afdfee5a14fe2e1c029680_NeikiAnalytics.dll

Resource

win10v2004-20240508-en

ramnit sality backdoor banker evasion spyware stealer trojan upx worm

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  29c7cc4754afdfee5a14fe2e1c029680_NeikiAnalytics.exe
- Size
  
  200KB
- MD5
  
  29c7cc4754afdfee5a14fe2e1c029680
- SHA1
  
  87e4951c35cdf446b9cc72061aab3f92608c0064
- SHA256
  
  16014aab4365dd51c62c90d342bcec33bd05003ddc0265df344ef2a0c8da8557
- SHA512
  
  cd814d7276f43834dac72a640209d41f0cbba22bd7b2f26ef4e7940a7adebfb2a46173303d957adf7f1c31b7c5a74ffbfa6d06dc7d3b7a7dbecb6d5fe6c3aef7
- SSDEEP
  
  6144:wMqWfdNANa/AjNggWEv9XCrrupJywxS9KLFJ5:vqWfdNA0/uNKmSmfx6KP5
Score

10^/10

ramnit sality backdoor banker evasion persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitsalitybackdoorbankerevasionpersistencespywarestealertrojanupxworm

behavioral2

ramnitsalitybackdoorbankerevasionspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy