ramnit | 80f23a972fffc3bb72a7a8fa64aa0f7390b87af4410d50145b1567e46c1f037a | Triage

Submit
Reports

Overview

overview

Static

static

3

80f23a972f...aN.dll

windows7-x64

80f23a972f...aN.dll

windows10-2004-x64

Sharing

General

Target

80f23a972fffc3bb72a7a8fa64aa0f7390b87af4410d50145b1567e46c1f037aN
Size

1.1MB
Sample

241002-mj2gcavfra
MD5

93a8c85a4850c713e058d195a7284f50
SHA1

042e5a60277ed2cc5bf24723215442f5d845294f
SHA256

80f23a972fffc3bb72a7a8fa64aa0f7390b87af4410d50145b1567e46c1f037a
SHA512

8d21a3f23406262b373a1e65565368951d0600c48ffb8b04bb132961ca7a2e57cc484745b4fac90bdb7db0a3e7c707d74bca29e3fa87f5350358206944e6822d
SSDEEP

24576:Q4/2xTokuPPRz3sFRI4LNpY4u6tm/wM02I5:As3V3INpDtm/N0

Score

10^/10

ramnit banker discovery evasion spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

80f23a972fffc3bb72a7a8fa64aa0f7390b87af4410d50145b1567e46c1f037aN.dll

Resource

win7-20240903-en

ramnit banker discovery spyware stealer trojan upx worm

windows7-x64

11 signatures

120 seconds

Behavioral task

behavioral2

Sample

80f23a972fffc3bb72a7a8fa64aa0f7390b87af4410d50145b1567e46c1f037aN.dll

Resource

win10v2004-20240802-en

ramnit banker discovery evasion spyware stealer trojan upx worm

windows10-2004-x64

12 signatures

120 seconds

Malware Config

Targets

- Target
  
  80f23a972fffc3bb72a7a8fa64aa0f7390b87af4410d50145b1567e46c1f037aN
- Size
  
  1.1MB
- MD5
  
  93a8c85a4850c713e058d195a7284f50
- SHA1
  
  042e5a60277ed2cc5bf24723215442f5d845294f
- SHA256
  
  80f23a972fffc3bb72a7a8fa64aa0f7390b87af4410d50145b1567e46c1f037a
- SHA512
  
  8d21a3f23406262b373a1e65565368951d0600c48ffb8b04bb132961ca7a2e57cc484745b4fac90bdb7db0a3e7c707d74bca29e3fa87f5350358206944e6822d
- SSDEEP
  
  24576:Q4/2xTokuPPRz3sFRI4LNpY4u6tm/wM02I5:As3V3INpDtm/N0
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm evasion
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdiscoveryspywarestealertrojanupxworm

behavioral2

ramnitbankerdiscoveryevasionspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy