ramnit | 1dde3009cebda5c139c4ddf98574b2ac5cdc9a82b3e2402efaad66d0246bdee4 | Triage

Submit
Reports

Overview

overview

Static

static

3

1dde3009ce...e4.exe

windows7-x64

1dde3009ce...e4.exe

windows10-2004-x64

Sharing

General

Target

1dde3009cebda5c139c4ddf98574b2ac5cdc9a82b3e2402efaad66d0246bdee4
Size

2.6MB
Sample

240928-x6crlssenl
MD5

693d588667850d58b0257906ef0c08ce
SHA1

cb4366dd06a62bd35549722b282e86f0dcdde60a
SHA256

1dde3009cebda5c139c4ddf98574b2ac5cdc9a82b3e2402efaad66d0246bdee4
SHA512

aab2d29d59c9caaabfc40e0b4b04a5ff835975e571d4bef121fdb5b9e25eb213658a77609595339b00f3059a3367d54965650060beaafb4833357300b34a62a7
SSDEEP

49152:igTUS7p9aBZbTChxKCnFnQXBbrtgb/iQvu0UHOi:uZ6hxvWbrtUTrUHOi

Score

10^/10

ramnit renamer banker discovery persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1dde3009cebda5c139c4ddf98574b2ac5cdc9a82b3e2402efaad66d0246bdee4.exe

Resource

win7-20240903-en

ramnit renamer banker discovery spyware stealer trojan upx worm

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

1dde3009cebda5c139c4ddf98574b2ac5cdc9a82b3e2402efaad66d0246bdee4.exe

Resource

win10v2004-20240802-en

ramnit renamer banker discovery persistence spyware stealer trojan upx worm

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  1dde3009cebda5c139c4ddf98574b2ac5cdc9a82b3e2402efaad66d0246bdee4
- Size
  
  2.6MB
- MD5
  
  693d588667850d58b0257906ef0c08ce
- SHA1
  
  cb4366dd06a62bd35549722b282e86f0dcdde60a
- SHA256
  
  1dde3009cebda5c139c4ddf98574b2ac5cdc9a82b3e2402efaad66d0246bdee4
- SHA512
  
  aab2d29d59c9caaabfc40e0b4b04a5ff835975e571d4bef121fdb5b9e25eb213658a77609595339b00f3059a3367d54965650060beaafb4833357300b34a62a7
- SSDEEP
  
  49152:igTUS7p9aBZbTChxKCnFnQXBbrtgb/iQvu0UHOi:uZ6hxvWbrtUTrUHOi
Score

10^/10

ramnit renamer banker discovery spyware stealer trojan upx worm persistence
- Detects Renamer worm.
  Renamer aka Grename is worm written in Delphi.
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Renamer, Grenam
  Renamer aka Grenam is a worm written in Delphi.
  worm renamer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitrenamerbankerdiscoveryspywarestealertrojanupxworm

behavioral2

ramnitrenamerbankerdiscoverypersistencespywarestealertrojanupxworm

© 2018-2025

Terms | Privacy