ramnit | e786c502e5ca4c315d4301e6e14aa460f3deef5a6b04a1df2099c182b17adad0 | Triage

Submit
Reports

Overview

overview

Static

static

3

e786c502e5...0N.exe

windows7-x64

e786c502e5...0N.exe

windows10-2004-x64

Sharing

General

Target

e786c502e5ca4c315d4301e6e14aa460f3deef5a6b04a1df2099c182b17adad0N.exe
Size

411KB
Sample

241216-ekzp5svkeq
MD5

c46780ae0ca47177112a7d135d95ed10
SHA1

b734992f4b47190417028ee8daa7486a30ed4016
SHA256

e786c502e5ca4c315d4301e6e14aa460f3deef5a6b04a1df2099c182b17adad0
SHA512

18c1d42a8d38872dff389f1ba5c3d0d579dec49f8a1efeba5b3aa75be29f05ecfcfb8e7aa34cc0ef57ccdd5172db8109abb1eb686329e1f0b6462d32fffd2f21
SSDEEP

6144:61yUN7pmPUk9VMwXHOCgs+ej/4+zBNnmjf5Yr6ibzsHPwY3mhesXWkoF:6Q8pQ96w+ns+GwoNnmy5Xves/E

Score

10^/10

ramnit banker discovery evasion persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e786c502e5ca4c315d4301e6e14aa460f3deef5a6b04a1df2099c182b17adad0N.exe

Resource

win7-20241010-en

ramnit banker discovery evasion persistence spyware stealer trojan upx worm

windows7-x64

16 signatures

120 seconds

Behavioral task

behavioral2

Sample

e786c502e5ca4c315d4301e6e14aa460f3deef5a6b04a1df2099c182b17adad0N.exe

Resource

win10v2004-20241007-en

ramnit banker discovery spyware stealer trojan upx worm

windows10-2004-x64

8 signatures

120 seconds

Malware Config

Targets

- Target
  
  e786c502e5ca4c315d4301e6e14aa460f3deef5a6b04a1df2099c182b17adad0N.exe
- Size
  
  411KB
- MD5
  
  c46780ae0ca47177112a7d135d95ed10
- SHA1
  
  b734992f4b47190417028ee8daa7486a30ed4016
- SHA256
  
  e786c502e5ca4c315d4301e6e14aa460f3deef5a6b04a1df2099c182b17adad0
- SHA512
  
  18c1d42a8d38872dff389f1ba5c3d0d579dec49f8a1efeba5b3aa75be29f05ecfcfb8e7aa34cc0ef57ccdd5172db8109abb1eb686329e1f0b6462d32fffd2f21
- SSDEEP
  
  6144:61yUN7pmPUk9VMwXHOCgs+ej/4+zBNnmjf5Yr6ibzsHPwY3mhesXWkoF:6Q8pQ96w+ns+GwoNnmy5Xves/E
Score

10^/10

ramnit banker discovery evasion persistence spyware stealer trojan upx worm
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdiscoveryevasionpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerdiscoveryspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy