ramnit | c2bf0e8ed1ece709e72fecbc77de72fba47ebf655d29240b1628a8ea8c2efb97 | Triage

Submit
Reports

Overview

overview

Static

static

3

c2bf0e8ed1...97.dll

windows7-x64

c2bf0e8ed1...97.dll

windows10-2004-x64

Sharing

General

Target

c2bf0e8ed1ece709e72fecbc77de72fba47ebf655d29240b1628a8ea8c2efb97.exe
Size

116KB
Sample

241118-3kqn8sxdjf
MD5

89f8e9f21a829ebf8dd2955a3c7562c9
SHA1

a195f2b264b3389db0d82fd226d1382e32cbcbc7
SHA256

c2bf0e8ed1ece709e72fecbc77de72fba47ebf655d29240b1628a8ea8c2efb97
SHA512

3d67a42ef7724e8a0c1f834909e89c62b9383f2ce1c3a313c832963233f8eb15bb2302a38ef8e2d837dc1c6edf9333095e76c33b888c0fd19018688209a27539
SSDEEP

1536:juTLBvTKbySZyICNoOk619WQaJVYNyA3M1xgbbKEBQxK74G5BIq5ewYYNv:jc4bygyICNoOXnWQOVYNg9EQxa7w2v

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c2bf0e8ed1ece709e72fecbc77de72fba47ebf655d29240b1628a8ea8c2efb97.dll

Resource

win7-20240729-en

ramnit banker discovery spyware stealer trojan upx worm

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

c2bf0e8ed1ece709e72fecbc77de72fba47ebf655d29240b1628a8ea8c2efb97.dll

Resource

win10v2004-20241007-en

ramnit banker discovery spyware stealer trojan upx worm

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  c2bf0e8ed1ece709e72fecbc77de72fba47ebf655d29240b1628a8ea8c2efb97.exe
- Size
  
  116KB
- MD5
  
  89f8e9f21a829ebf8dd2955a3c7562c9
- SHA1
  
  a195f2b264b3389db0d82fd226d1382e32cbcbc7
- SHA256
  
  c2bf0e8ed1ece709e72fecbc77de72fba47ebf655d29240b1628a8ea8c2efb97
- SHA512
  
  3d67a42ef7724e8a0c1f834909e89c62b9383f2ce1c3a313c832963233f8eb15bb2302a38ef8e2d837dc1c6edf9333095e76c33b888c0fd19018688209a27539
- SSDEEP
  
  1536:juTLBvTKbySZyICNoOk619WQaJVYNyA3M1xgbbKEBQxK74G5BIq5ewYYNv:jc4bygyICNoOXnWQOVYNg9EQxa7w2v
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdiscoveryspywarestealertrojanupxworm

behavioral2

ramnitbankerdiscoveryspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy