ramnit | 1ba66f4736d0866ffc70e217c4080067ee36d4663f3d1bcb82421b4b98d39b18 | Triage

Submit
Reports

Overview

overview

Static

static

7

1ba66f4736...8N.dll

windows7-x64

1ba66f4736...8N.dll

windows10-2004-x64

7

Sharing

General

Target

1ba66f4736d0866ffc70e217c4080067ee36d4663f3d1bcb82421b4b98d39b18N.exe
Size

2.6MB
Sample

241216-ttk1nswjdk
MD5

85699f224b69d34beb334e4d99d766d0
SHA1

e2f33b7967c4849cd9671367b33437a23dd971b6
SHA256

1ba66f4736d0866ffc70e217c4080067ee36d4663f3d1bcb82421b4b98d39b18
SHA512

899011cc168efa4b506888c4dfb9bc4cc10b736a58cc5782c92d5ce7ba963e9f61361ed8821205d333d20de7dc80d46dbf8b0179bea0956b626f9384eab4d1d6
SSDEEP

49152:15H5NODCwCU2vWBSxnlcheUUd+QOnsyFNykwUQlX6NLd:VN4CwUv1xnlBUUdhO9FgjUnH

Score

10^/10

ramnit banker discovery spyware stealer trojan upx vmprotect worm

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

1ba66f4736d0866ffc70e217c4080067ee36d4663f3d1bcb82421b4b98d39b18N.dll

Resource

win7-20240903-en

ramnit banker discovery spyware stealer trojan upx vmprotect worm

windows7-x64

14 signatures

120 seconds

Behavioral task

behavioral2

Sample

1ba66f4736d0866ffc70e217c4080067ee36d4663f3d1bcb82421b4b98d39b18N.dll

Resource

win10v2004-20241007-en

discovery upx vmprotect

windows10-2004-x64

7 signatures

120 seconds

Malware Config

Targets

- Target
  
  1ba66f4736d0866ffc70e217c4080067ee36d4663f3d1bcb82421b4b98d39b18N.exe
- Size
  
  2.6MB
- MD5
  
  85699f224b69d34beb334e4d99d766d0
- SHA1
  
  e2f33b7967c4849cd9671367b33437a23dd971b6
- SHA256
  
  1ba66f4736d0866ffc70e217c4080067ee36d4663f3d1bcb82421b4b98d39b18
- SHA512
  
  899011cc168efa4b506888c4dfb9bc4cc10b736a58cc5782c92d5ce7ba963e9f61361ed8821205d333d20de7dc80d46dbf8b0179bea0956b626f9384eab4d1d6
- SSDEEP
  
  49152:15H5NODCwCU2vWBSxnlcheUUd+QOnsyFNykwUQlX6NLd:VN4CwUv1xnlBUUdhO9FgjUnH
Score

10^/10

ramnit banker discovery spyware stealer trojan upx vmprotect worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdiscoveryspywarestealertrojanupxvmprotectworm

behavioral2

discoveryupxvmprotect

© 2018-2025

Terms | Privacy