ramnit | 8e110382fff23d9810a99c1679d072e68b781d1df344e3a6b4233f1cb62057fd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8e110382fff23d9810a99c1679d072e68b781d1df344e3a6b4233f1cb62057fd
Size

361KB
Sample

240605-lqncmacc3s
MD5

aea8926f118d83c27585536b7966d868
SHA1

bab6a1661d72768ef417bf4868707550342d1b12
SHA256

8e110382fff23d9810a99c1679d072e68b781d1df344e3a6b4233f1cb62057fd
SHA512

1ccb4aa8473b0ecaea0e03d05e211d377691a8ec1c266260b690356b293ba24c6a29e7d1a76aba104b3400b0e6f89cb37d94854417188b6c08ac931bd83b673c
SSDEEP

6144:gLVwKiaun5aKEp5yRz1PQsHAEnSDep+56dVJqTFp0U0M6JVfMd16wuC5Rf:JKiauMKG5wx7nGepU+DWmU0M6TIr5Rf

Score

10^/10

ramnit banker evasion persistence spyware stealer trojan upx worm

Malware Config

Targets

- Target
  
  8e110382fff23d9810a99c1679d072e68b781d1df344e3a6b4233f1cb62057fd
- Size
  
  361KB
- MD5
  
  aea8926f118d83c27585536b7966d868
- SHA1
  
  bab6a1661d72768ef417bf4868707550342d1b12
- SHA256
  
  8e110382fff23d9810a99c1679d072e68b781d1df344e3a6b4233f1cb62057fd
- SHA512
  
  1ccb4aa8473b0ecaea0e03d05e211d377691a8ec1c266260b690356b293ba24c6a29e7d1a76aba104b3400b0e6f89cb37d94854417188b6c08ac931bd83b673c
- SSDEEP
  
  6144:gLVwKiaun5aKEp5yRz1PQsHAEnSDep+56dVJqTFp0U0M6JVfMd16wuC5Rf:JKiauMKG5wx7nGepU+DWmU0M6TIr5Rf
Score

10^/10

ramnit banker evasion persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Drops startup file
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerevasionpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerevasionpersistencespywarestealertrojanupxworm