Overview

overview

10

Static

static

3

2024-12-11...it.exe

windows7-x64

10

2024-12-11...it.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-12-11_bdb49ef7be7155f04cbfd0fc4da33c08_mafia_ramnit

  • Size

    4.3MB

  • Sample

    241211-bxwmgatnbk

  • MD5

    bdb49ef7be7155f04cbfd0fc4da33c08

  • SHA1

    5908c9f6f41a8f9c8187d96442947c0cec5cc504

  • SHA256

    245b4df9ceafa31e854f40ce9836424d48a29f930b7d0783f928701138114756

  • SHA512

    cabfe018729925919c2c1bb9259ab63f1aa3cf4abed0042f9afe7949e08a95ff1f208e845f9caf34f231c5b467a35cbdf3d76539706709a7d0f7d026697db676

  • SSDEEP

    98304:Ed675opH8FnKhoIkrxLHCx9D0MEPrPTff4RSoj9ghi1RebMIg9Cbk/V8giirSeF:K810Wx2Xm7Tff4RSojDIg9Cbk/V88

Score
10/10
ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      2024-12-11_bdb49ef7be7155f04cbfd0fc4da33c08_mafia_ramnit

    • Size

      4.3MB

    • MD5

      bdb49ef7be7155f04cbfd0fc4da33c08

    • SHA1

      5908c9f6f41a8f9c8187d96442947c0cec5cc504

    • SHA256

      245b4df9ceafa31e854f40ce9836424d48a29f930b7d0783f928701138114756

    • SHA512

      cabfe018729925919c2c1bb9259ab63f1aa3cf4abed0042f9afe7949e08a95ff1f208e845f9caf34f231c5b467a35cbdf3d76539706709a7d0f7d026697db676

    • SSDEEP

      98304:Ed675opH8FnKhoIkrxLHCx9D0MEPrPTff4RSoj9ghi1RebMIg9Cbk/V8giirSeF:K810Wx2Xm7Tff4RSojDIg9Cbk/V88

    Score
    10/10
    ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Ramnit family

      ramnit

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks