ramnit | 0f044a74f450b79048d692c643cdeda89ba4b10838e51c61314bb0670c8d2077 | Triage

Submit
Reports

Overview

overview

Static

static

3

0f044a74f4...77.dll

windows7-x64

7

0f044a74f4...77.dll

windows10-2004-x64

Sharing

General

Target

0f044a74f450b79048d692c643cdeda89ba4b10838e51c61314bb0670c8d2077
Size

1.7MB
Sample

241120-ysq8hsslhw
MD5

d876caad3710f67598a244fd7d02d56e
SHA1

5e6a293020397d36a1d9286e1394d7dc95b07ba1
SHA256

0f044a74f450b79048d692c643cdeda89ba4b10838e51c61314bb0670c8d2077
SHA512

f9eebc06fcb4b5182a29d998cb9707e97bf7138ac95a455598b7a4c6d3a453a2bae40ec1e6acbc7090fa26c17276a3c775344bd2dd8abf7e3503375ffdcbef21
SSDEEP

24576:eXXG7YavHfjWlACnxpxTQURTFACjkmyLMcPtUOXtt1jFwGj:eX27lvLOhnhT5KKyMlg1FwGj

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0f044a74f450b79048d692c643cdeda89ba4b10838e51c61314bb0670c8d2077.dll

Resource

win7-20240729-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

0f044a74f450b79048d692c643cdeda89ba4b10838e51c61314bb0670c8d2077.dll

Resource

win10v2004-20241007-en

ramnit banker discovery spyware stealer trojan upx worm

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  0f044a74f450b79048d692c643cdeda89ba4b10838e51c61314bb0670c8d2077
- Size
  
  1.7MB
- MD5
  
  d876caad3710f67598a244fd7d02d56e
- SHA1
  
  5e6a293020397d36a1d9286e1394d7dc95b07ba1
- SHA256
  
  0f044a74f450b79048d692c643cdeda89ba4b10838e51c61314bb0670c8d2077
- SHA512
  
  f9eebc06fcb4b5182a29d998cb9707e97bf7138ac95a455598b7a4c6d3a453a2bae40ec1e6acbc7090fa26c17276a3c775344bd2dd8abf7e3503375ffdcbef21
- SSDEEP
  
  24576:eXXG7YavHfjWlACnxpxTQURTFACjkmyLMcPtUOXtt1jFwGj:eX27lvLOhnhT5KKyMlg1FwGj
Score

10^/10

discovery ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

ramnitbankerdiscoveryspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy