ramnit | f142ef7a4027554cb455a6de9b44b312ba34b9b4188ee45259ba1f4238180a67 | Triage

Submit
Reports

Overview

overview

Static

static

3

27ce808184...0N.exe

windows7-x64

27ce808184...0N.exe

windows10-2004-x64

Sharing

General

Target

27ce8081843077b6e9c559267cb19f80N.exe
Size

165KB
Sample

240726-s8hcnaxbpl
MD5

27ce8081843077b6e9c559267cb19f80
SHA1

7811a1be5df65d6179147050a251fa8d3e2f63d4
SHA256

f142ef7a4027554cb455a6de9b44b312ba34b9b4188ee45259ba1f4238180a67
SHA512

bffe3125653f8c7db4ce2e797cbc068577a13c51dfa0eb1fd838740a91f9235c6c72eb1514c8729961fbec90550c0e19a8375afee41b6b8774f6d936c320ea27
SSDEEP

3072:QZSlI/HUOjSiToj7CEqfqg27mx/t3CnM9ga7ECfVeB1P0Yal7gz8PrVG:Qv/HFjSdfCZ47mx/t3Cn3a4CfUB1Cl7a

Score

10^/10

ramnit sality backdoor banker discovery evasion spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

27ce8081843077b6e9c559267cb19f80N.exe

Resource

win7-20240705-en

ramnit sality backdoor banker evasion spyware stealer trojan upx worm

windows7-x64

16 signatures

120 seconds

Behavioral task

behavioral2

Sample

27ce8081843077b6e9c559267cb19f80N.exe

Resource

win10v2004-20240709-en

ramnit sality backdoor banker discovery evasion spyware stealer trojan upx worm

windows10-2004-x64

15 signatures

120 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

http://klkjwre77638dfqwieuoi888.info/

Targets

- Target
  
  27ce8081843077b6e9c559267cb19f80N.exe
- Size
  
  165KB
- MD5
  
  27ce8081843077b6e9c559267cb19f80
- SHA1
  
  7811a1be5df65d6179147050a251fa8d3e2f63d4
- SHA256
  
  f142ef7a4027554cb455a6de9b44b312ba34b9b4188ee45259ba1f4238180a67
- SHA512
  
  bffe3125653f8c7db4ce2e797cbc068577a13c51dfa0eb1fd838740a91f9235c6c72eb1514c8729961fbec90550c0e19a8375afee41b6b8774f6d936c320ea27
- SSDEEP
  
  3072:QZSlI/HUOjSiToj7CEqfqg27mx/t3CnM9ga7ECfVeB1P0Yal7gz8PrVG:Qv/HFjSdfCZ47mx/t3Cn3a4CfUB1Cl7a
Score

10^/10

ramnit sality backdoor banker evasion spyware stealer trojan upx worm discovery
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitsalitybackdoorbankerevasionspywarestealertrojanupxworm

behavioral2

ramnitsalitybackdoorbankerdiscoveryevasionspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy