ramnit | d0d5f65432335254ff9d76359a2d343fc77d5825d7205dcbc7478a83e31ea457 | Triage

Submit
Reports

Overview

overview

Static

static

3

d0d5f65432...57.dll

windows7-x64

d0d5f65432...57.dll

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

d0d5f65432335254ff9d76359a2d343fc77d5825d7205dcbc7478a83e31ea457.exe
Size

224KB
Sample

241218-j1e3wssjgk
MD5

1f5b8f8ce6f407f82d99811d9d489abd
SHA1

50360c60c887e14ff99f860b9ec5813ce1006dea
SHA256

d0d5f65432335254ff9d76359a2d343fc77d5825d7205dcbc7478a83e31ea457
SHA512

f1d4edad7e5c0bf5a665c691491a6c63721af0198b0fb42be1c1583052c10bcf0711db782b717a92e15e22905b9edbe8c7a10d23d2ce869c95277de0aec8e372
SSDEEP

3072:ZGd5SXa28vl8juKJcXV9lCgGNlx91xaafMWtXZDPEs3K0G:0d5h7+juU8V9rGrr1xaaflpDPEs3HG

Score

10^/10

ramnit banker discovery persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d0d5f65432335254ff9d76359a2d343fc77d5825d7205dcbc7478a83e31ea457.dll

Resource

win7-20240708-en

ramnit banker discovery persistence spyware stealer trojan upx worm

windows7-x64

14 signatures

120 seconds

Behavioral task

behavioral2

Sample

d0d5f65432335254ff9d76359a2d343fc77d5825d7205dcbc7478a83e31ea457.dll

Resource

win10v2004-20241007-en

ramnit banker discovery spyware stealer trojan upx worm

windows10-2004-x64

15 signatures

120 seconds

Malware Config

Targets

- Target
  
  d0d5f65432335254ff9d76359a2d343fc77d5825d7205dcbc7478a83e31ea457.exe
- Size
  
  224KB
- MD5
  
  1f5b8f8ce6f407f82d99811d9d489abd
- SHA1
  
  50360c60c887e14ff99f860b9ec5813ce1006dea
- SHA256
  
  d0d5f65432335254ff9d76359a2d343fc77d5825d7205dcbc7478a83e31ea457
- SHA512
  
  f1d4edad7e5c0bf5a665c691491a6c63721af0198b0fb42be1c1583052c10bcf0711db782b717a92e15e22905b9edbe8c7a10d23d2ce869c95277de0aec8e372
- SSDEEP
  
  3072:ZGd5SXa28vl8juKJcXV9lCgGNlx91xaafMWtXZDPEs3K0G:0d5h7+juU8V9rGrr1xaaflpDPEs3HG
Score

10^/10

ramnit banker discovery persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerdiscoveryspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy