ramnit | 45aed5c3cb59ee2e4fcf7f803d50225908438301fa762807c20212254a1865ba | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

45aed5c3cb...aN.dll

windows7-x64

45aed5c3cb...aN.dll

windows10-2004-x64

Sharing

General

Target

45aed5c3cb59ee2e4fcf7f803d50225908438301fa762807c20212254a1865baN
Size

544KB
Sample

241009-n3q1dstepr
MD5

a647578fe929e82d4146b3e897d862b0
SHA1

b1e6354caae6a900ff248d24826d5ad7318539ce
SHA256

45aed5c3cb59ee2e4fcf7f803d50225908438301fa762807c20212254a1865ba
SHA512

450225cefd61822d60960fb67aeb2ec73f9340835d401c7aba530b88cf7aaf7fa15b63e7e412e31d54cfe5a0f498c94ba96a6a8f4ce4fe33ffbd6e6e4e34d6cf
SSDEEP

6144:BznfuoxrS/wZN+79+jUSyREaFvWvW0ecC0nnAJI7oEu1XruDocMX:BzfuYS/wP+YASyRVF4LecBtu17uDg

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

45aed5c3cb59ee2e4fcf7f803d50225908438301fa762807c20212254a1865baN.dll

Resource

win7-20240903-en

ramnit banker discovery spyware stealer trojan upx worm

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

45aed5c3cb59ee2e4fcf7f803d50225908438301fa762807c20212254a1865baN.dll

Resource

win10v2004-20241007-en

ramnit banker discovery spyware stealer trojan upx worm

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  45aed5c3cb59ee2e4fcf7f803d50225908438301fa762807c20212254a1865baN
- Size
  
  544KB
- MD5
  
  a647578fe929e82d4146b3e897d862b0
- SHA1
  
  b1e6354caae6a900ff248d24826d5ad7318539ce
- SHA256
  
  45aed5c3cb59ee2e4fcf7f803d50225908438301fa762807c20212254a1865ba
- SHA512
  
  450225cefd61822d60960fb67aeb2ec73f9340835d401c7aba530b88cf7aaf7fa15b63e7e412e31d54cfe5a0f498c94ba96a6a8f4ce4fe33ffbd6e6e4e34d6cf
- SSDEEP
  
  6144:BznfuoxrS/wZN+79+jUSyREaFvWvW0ecC0nnAJI7oEu1XruDocMX:BzfuYS/wP+YASyRVF4LecBtu17uDg
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdiscoveryspywarestealertrojanupxworm

behavioral2

ramnitbankerdiscoveryspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy