ramnit | d00b97e29b99ef8a1974e6af4ad44e02b55be008dd7167ff248ed4f7998054ce | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

d00b97e29b...eN.dll

windows7-x64

d00b97e29b...eN.dll

windows10-2004-x64

Sharing

General

Target

d00b97e29b99ef8a1974e6af4ad44e02b55be008dd7167ff248ed4f7998054ceN.exe
Size

124KB
Sample

241226-fvlrpsxmfs
MD5

9ed44724c10f3a5a04658121a98389e0
SHA1

7241595d5d50b3acba528406fe7c7cba94d13d2d
SHA256

d00b97e29b99ef8a1974e6af4ad44e02b55be008dd7167ff248ed4f7998054ce
SHA512

e36413887b8a415c32d7014559208c648c49d0db6cafa9d477ccf52c638cf8922846b5c5029ee55ebedacbd00f0e2ff171be29ef22529e1a3f6bdc9fda8de448
SSDEEP

3072:gj6tLWNhkRM7VmKeZ88Dkj7oR2SqwKJXtf5DGyVBQwIY6X44:gTcvZNDkYR2SqwK/AyVBQ9RI4

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d00b97e29b99ef8a1974e6af4ad44e02b55be008dd7167ff248ed4f7998054ceN.dll

Resource

win7-20240903-en

ramnit banker discovery spyware stealer trojan upx worm

windows7-x64

14 signatures

120 seconds

Behavioral task

behavioral2

Sample

d00b97e29b99ef8a1974e6af4ad44e02b55be008dd7167ff248ed4f7998054ceN.dll

Resource

win10v2004-20241007-en

ramnit banker discovery spyware stealer trojan upx worm

windows10-2004-x64

13 signatures

120 seconds

Malware Config

Targets

- Target
  
  d00b97e29b99ef8a1974e6af4ad44e02b55be008dd7167ff248ed4f7998054ceN.exe
- Size
  
  124KB
- MD5
  
  9ed44724c10f3a5a04658121a98389e0
- SHA1
  
  7241595d5d50b3acba528406fe7c7cba94d13d2d
- SHA256
  
  d00b97e29b99ef8a1974e6af4ad44e02b55be008dd7167ff248ed4f7998054ce
- SHA512
  
  e36413887b8a415c32d7014559208c648c49d0db6cafa9d477ccf52c638cf8922846b5c5029ee55ebedacbd00f0e2ff171be29ef22529e1a3f6bdc9fda8de448
- SSDEEP
  
  3072:gj6tLWNhkRM7VmKeZ88Dkj7oR2SqwKJXtf5DGyVBQwIY6X44:gTcvZNDkYR2SqwK/AyVBQ9RI4
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdiscoveryspywarestealertrojanupxworm

behavioral2

ramnitbankerdiscoveryspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.