ramnit | 92f89011a53d043bffb75f25e504da86740a76c7ba363ac809f53b93305e6c10 | Triage

Submit
Reports

Overview

overview

Static

static

3

92f89011a5...0N.exe

windows7-x64

92f89011a5...0N.exe

windows10-2004-x64

Sharing

General

Target

92f89011a53d043bffb75f25e504da86740a76c7ba363ac809f53b93305e6c10N
Size

343KB
Sample

241108-hr6ntaxhjg
MD5

b4e14698daf4161afb94778351302650
SHA1

ee718a7b3e3f63a775b93d89eb2e45424178d6c5
SHA256

92f89011a53d043bffb75f25e504da86740a76c7ba363ac809f53b93305e6c10
SHA512

2f934961171dcfac34aa31cac938c68b572fbbbc3e3dc0d3dca1504d90a25b97e946d120d2f99bd5f9d0ed578426400d84c6644b1ede283afec5c24d25d8cadf
SSDEEP

6144:v1yUN7pmPUk9VMwXHOCgs+ej/4+zBNnmjf5TwZ1TsCGmee1LKu4WLLY/va:vQ8pQ96w+ns+GwoNnmOZJaKK6Y/S

Score

10^/10

ramnit banker discovery evasion persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

92f89011a53d043bffb75f25e504da86740a76c7ba363ac809f53b93305e6c10N.exe

Resource

win7-20241023-en

ramnit banker discovery evasion persistence spyware stealer trojan upx worm

windows7-x64

15 signatures

120 seconds

Behavioral task

behavioral2

Sample

92f89011a53d043bffb75f25e504da86740a76c7ba363ac809f53b93305e6c10N.exe

Resource

win10v2004-20241007-en

discovery evasion persistence

windows10-2004-x64

9 signatures

120 seconds

Malware Config

Targets

- Target
  
  92f89011a53d043bffb75f25e504da86740a76c7ba363ac809f53b93305e6c10N
- Size
  
  343KB
- MD5
  
  b4e14698daf4161afb94778351302650
- SHA1
  
  ee718a7b3e3f63a775b93d89eb2e45424178d6c5
- SHA256
  
  92f89011a53d043bffb75f25e504da86740a76c7ba363ac809f53b93305e6c10
- SHA512
  
  2f934961171dcfac34aa31cac938c68b572fbbbc3e3dc0d3dca1504d90a25b97e946d120d2f99bd5f9d0ed578426400d84c6644b1ede283afec5c24d25d8cadf
- SSDEEP
  
  6144:v1yUN7pmPUk9VMwXHOCgs+ej/4+zBNnmjf5TwZ1TsCGmee1LKu4WLLY/va:vQ8pQ96w+ns+GwoNnmOZJaKK6Y/S
Score

10^/10

ramnit banker discovery evasion persistence spyware stealer trojan upx worm
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdiscoveryevasionpersistencespywarestealertrojanupxworm

behavioral2

discoveryevasionpersistence

© 2018-2025

Terms | Privacy