ramnit | 10e75daab8d37ded5da2e87609c5a30a515d90dd305e180568cfdf30da41a9a2 | Triage

Submit
Reports

Overview

overview

Static

static

3

10e75daab8...a2.exe

windows7-x64

7

10e75daab8...a2.exe

windows10-2004-x64

Sharing

General

Target

10e75daab8d37ded5da2e87609c5a30a515d90dd305e180568cfdf30da41a9a2
Size

163KB
Sample

241212-tmn4ra1pbp
MD5

83ab2ec3e3456bc3cc19457a7534576d
SHA1

3382b548d439bc16a4fd54aa49817109d13b8161
SHA256

10e75daab8d37ded5da2e87609c5a30a515d90dd305e180568cfdf30da41a9a2
SHA512

e603c8a683cbd1e259754c171c4066f3fe9aacd5d11636964041e38a25bdf8d6bdef4868f4c870a83214616770e89e1bd9c5ad1b3a3c830ee448610d0025b513
SSDEEP

3072:VftffhJCuU9Cw7vFoF3M9Z8oU8HyNftffhJCuUZROzoTq0+RO7IwnY:VVfhguMCysgZNSdVfhguikdNwB

Score

10^/10

ramnit banker discovery persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

10e75daab8d37ded5da2e87609c5a30a515d90dd305e180568cfdf30da41a9a2.exe

Resource

win7-20240903-en

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

10e75daab8d37ded5da2e87609c5a30a515d90dd305e180568cfdf30da41a9a2.exe

Resource

win10v2004-20241007-en

ramnit banker discovery persistence spyware stealer trojan upx worm

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  10e75daab8d37ded5da2e87609c5a30a515d90dd305e180568cfdf30da41a9a2
- Size
  
  163KB
- MD5
  
  83ab2ec3e3456bc3cc19457a7534576d
- SHA1
  
  3382b548d439bc16a4fd54aa49817109d13b8161
- SHA256
  
  10e75daab8d37ded5da2e87609c5a30a515d90dd305e180568cfdf30da41a9a2
- SHA512
  
  e603c8a683cbd1e259754c171c4066f3fe9aacd5d11636964041e38a25bdf8d6bdef4868f4c870a83214616770e89e1bd9c5ad1b3a3c830ee448610d0025b513
- SSDEEP
  
  3072:VftffhJCuU9Cw7vFoF3M9Z8oU8HyNftffhJCuUZROzoTq0+RO7IwnY:VVfhguMCysgZNSdVfhguikdNwB
Score

10^/10

discovery ramnit banker persistence spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Drops file in Drivers directory
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

© 2018-2025

Terms | Privacy