ramnit

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_7a7a75e47403e3744df374a583559c425a7ce2fe6260fae994b3546a322109c6
Size

5.1MB
Sample

241229-pcpkba1ndk
MD5

2cf8f91255c51437526c622ac7946f22
SHA1

f9bf3057b2ee78c43c0f23282875c03dee89a585
SHA256

7a7a75e47403e3744df374a583559c425a7ce2fe6260fae994b3546a322109c6
SHA512

27d8b909ab604c4346f48a0ee6d9d9a019e979c34490b4720f8b689599ed9fc067d5336c0293cbc5fec7866b13d4ca2e2f19d1ebf816c77f6871294430ce319c
SSDEEP

98304:YOAFym0JHCI6qtX6CVH72qp1ThiRryOp7cjep4:DoymSTN5hn+Np54

Score

10^/10

Malware Config

Targets

- Target
  
  07069091241215607c36cbe294255edb67c26fd27ebee8923c0d0e23fc0b7baf
- Size
  
  295KB
- MD5
  
  15b137da76528c5fdf65ccbe36d4bca4
- SHA1
  
  706db0111606b79ef9b9396d9b514b1b6be72443
- SHA256
  
  07069091241215607c36cbe294255edb67c26fd27ebee8923c0d0e23fc0b7baf
- SHA512
  
  3732d20f5a4f19719348186783281bce4b068a7edd554960b426dd0b63c7d4dc0dfa64faba3ddf8895f0b6dab1e21ddcbfd776477e4390f3f06836365ecdaaf0
- SSDEEP
  
  6144:GyI+NWBdmHT1KQ8IHTIOwhoAzuU0h1bc7ObFM9O:GtBQ1V9whogwh11d
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm evasion
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  092a8a750e5d4aee2bae9207ee5cfcaad2db4224f93cc3efe52fb113a2808db8
- Size
  
  157KB
- MD5
  
  e2753ae9503a05b6d86cbf016eb59ff0
- SHA1
  
  f2d4d2cd13b3b12951762a21586cb6f3129c8f95
- SHA256
  
  092a8a750e5d4aee2bae9207ee5cfcaad2db4224f93cc3efe52fb113a2808db8
- SHA512
  
  5363a002cdca8df310ebbc20e96ade59e4f581ddce1f81854c8ff2318d42b5731a29679073bc5f6d84f46117d5e0ec6d6b4a439be9b9ed3847cf48780bb1ccf4
- SSDEEP
  
  1536:VIZZnAEjEIZvumULmj4wrraK5dZ4Ltta9Km/ec3DtAL6bmZ4bXSjrAE+fySPoqRI:GnnAQVG/LytaKItS/fiLKS+f5Aq7i
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  0b4363ea1bbc55747d0c878125637bcf50aaeb4fc44b1b972c7b8daedc2512c7
- Size
  
  180KB
- MD5
  
  6fe4f3c7e30816366735d88c1c7e1032
- SHA1
  
  82466d2d156096389f470297e402544ee3175c8a
- SHA256
  
  0b4363ea1bbc55747d0c878125637bcf50aaeb4fc44b1b972c7b8daedc2512c7
- SHA512
  
  5c5598c1c0e1627682906da614b391cc05f027ddd545ce1ae0cc995469c0044466ba45331e310693f73ecae91ab81f0aeac45190405c7ed67b8d9175a8c4a549
- SSDEEP
  
  3072:zuug/5q6gVLypcFQIK5aaa5fWgi5r0fQRIKHIJdI60OWiJzpG/S6aPn:zuTgVLyE+g8r28I3MkJzpH6af
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6
- Target
  
  1474031cf449fb6bc31aa6bb646941714610874a7663787f62a07d817b614ea5
- Size
  
  410KB
- MD5
  
  937526d576083f85750190527110d814
- SHA1
  
  77807d34df6188dfe17f5c6dfd7c9e852be1442d
- SHA256
  
  1474031cf449fb6bc31aa6bb646941714610874a7663787f62a07d817b614ea5
- SHA512
  
  6af51639171c06d94f96f65d2c5004bf5c1a89778e375e235c823060687ff5c81f2f7bedc7e87623c1aa906070f9c13c17bcf52d5c3a1129a0ece656fbb40a24
- SSDEEP
  
  6144:HX/yyNg7ZdH6oBQ/xqam7KWPYR6jayTbT1rEjLEjKcdw/vQlGmO:HX/yEg7ZMf/YaQA6j/TyvWKcdhlxO
Score

10^/10

ramnit banker discovery spyware stealer trojan worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
behavioral7 behavioral8
- Target
  
  1c64423afe71c8539881c789518416a72ef8ee611727513e1f47c9c9154bb782
- Size
  
  536KB
- MD5
  
  48caaab4e0eff74db44c98d1b353744f
- SHA1
  
  8a5a6aac61cb8982899ddb86cce0ddc8c4248a34
- SHA256
  
  1c64423afe71c8539881c789518416a72ef8ee611727513e1f47c9c9154bb782
- SHA512
  
  2a0ad46cbe582dc3933e9b5d072e7fe299856f4ca7f4879c2de9c465566c685832b6d608154501e237bd68d2d7be4b7592265db46a3da184add34c11d18157fa
- SSDEEP
  
  6144:PtGrLFaxvDJDPAernALxwapvmNWz8+DeqXcnYxBCGvVpT0PFn0wccccccccWA8/S:FewD2OAONV+DeWZ7F9hF/BL96V
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral10 behavioral9
- Target
  
  24754063ad81e8ab4be77eac0a61cdf74054083d04947327adf4a062c6ef84fb
- Size
  
  315KB
- MD5
  
  1300dd3d984b5b8292b91f9071c89330
- SHA1
  
  a8b5ed155d8d8b5cd4833d0243b3dc760a86a7aa
- SHA256
  
  24754063ad81e8ab4be77eac0a61cdf74054083d04947327adf4a062c6ef84fb
- SHA512
  
  296c4a6fb660c888edf4260973989ccbfed22695a4efb61d5654d24f87a4a825e271bd6e5d996e241292d875cf3cbf62a4654c84f8013a74ed37352e5925bcd4
- SSDEEP
  
  3072:bZx8gJscuAnU+JYoutueXlL0NL6UkUkc/z58LfPEDod/2WggPqQX/mGV/vl:t2AsnAnUJoSqL6UHR/zu7OkzPr+WV
Score

10^/10

ramnit banker discovery evasion persistence spyware stealer trojan upx worm
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral11 behavioral12
- Target
  
  262ab91f7f3303121efe6ceec005edeabf80ebe5cfc53a807ae99b636597985c
- Size
  
  300KB
- MD5
  
  80a3409d4e3101626bf7e67dbac7277b
- SHA1
  
  154397c618f792b64d2cc4a070de3e78cd8af370
- SHA256
  
  262ab91f7f3303121efe6ceec005edeabf80ebe5cfc53a807ae99b636597985c
- SHA512
  
  0506ac6ee368aac08381ca6adc4eb6ef299e4f03d8c0322cc37ad14e8345c8d0af22d22cd50b3b811d81641adad35ee7ce70e2a995b777ebcfe2898c716a3da9
- SSDEEP
  
  6144:XRT3ijR0134hnzETbV615wybm0en8bOU74e:XRT3ijRq34hnzETR2wk7x
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral13 behavioral14
- Target
  
  2c6e7789308643ecb686566eba4753a825da5dab42e11fb207f8bbfa330f3990
- Size
  
  300KB
- MD5
  
  aff07f88d3d5de128e532aee3b4ee472
- SHA1
  
  44ae93a4ca7314686534a05fdfa3bc136b40f035
- SHA256
  
  2c6e7789308643ecb686566eba4753a825da5dab42e11fb207f8bbfa330f3990
- SHA512
  
  dedb049431d43e00e61ee75c8243cc400e842c6d61d3bf4df894b22cc6ffd91a49e38d1a8518b85b74fa01fa5d15e83f5aef35cfb073dc4c17042bbea75e06e1
- SSDEEP
  
  6144:fRT3ijR0134hnzETo+plp0W7VulIXpilp:fRT3ijRq34hnzETFvmQVMupilp
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral15 behavioral16
- Target
  
  313130ecff1098fa44652ff626976d22f759ada06900b3e1ea125f412bf90814
- Size
  
  708KB
- MD5
  
  d75e0cb5f2fd42964bdbaa21795b2559
- SHA1
  
  8a523188e8db8edc31be0034e82761892e5fa2d1
- SHA256
  
  313130ecff1098fa44652ff626976d22f759ada06900b3e1ea125f412bf90814
- SHA512
  
  80d4dbcc3dbd68d0c5f41dd4d0a9ecc3499b3d9cbb37cc2e9796598de451c77c074d28da3f4c95691061da00d79eb52fa24f46b6277634d08e0a823566815106
- SSDEEP
  
  12288:2rMIztyCK5x8CBmn+RrNbEyWYa0Ie1vUxjVunNx0:cZyCA8CBmn+RrNj9ay5GuNx0
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral17 behavioral18
- Target
  
  3a142d0199bd1e8504b199948f5b2742fcd704316875051f5f8cc3e75d6a1da1
- Size
  
  621KB
- MD5
  
  140adff6fa06c5f9a67fc84c2a5c1d56
- SHA1
  
  b6fb0284e976f092f5ef4030c24a411268d6e204
- SHA256
  
  3a142d0199bd1e8504b199948f5b2742fcd704316875051f5f8cc3e75d6a1da1
- SHA512
  
  50b8d4233584f3de12b00b69882b296d09cd9da8e2409c3b9852cd63ae5436d187c783cbeebb332475bf22ea3258bfcec3aea731c863ab256c9078c11b0de860
- SSDEEP
  
  12288:JrMIztyCK5x8CBmn+RrNbEyWYa0Ie1vUxjVP1fSGO:PZyCA8CBmn+RrNj9ay5GtaGO
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral19 behavioral20
- Target
  
  473246aff3e141d2fc390990fa13a49cf36f66a8ace5f230250e7035981e1f2b
- Size
  
  260KB
- MD5
  
  17949a8906b9e1321abce9230ecd9508
- SHA1
  
  ecf04f0f28a25c57c6c5970222d6addbe9d4a840
- SHA256
  
  473246aff3e141d2fc390990fa13a49cf36f66a8ace5f230250e7035981e1f2b
- SHA512
  
  42302cb33b721a655ae802d8a9f24985b09d0cd4001541e37264af8fc118de6aa453dabde7baed1076d4aceb4a8e30889363d18fb326ec971d1bde22a09a300b
- SSDEEP
  
  6144:obylNNI1+qlDZiQV615wybm0en8bOU74C:obA6+qlDZiW2wk7/
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral21 behavioral22
- Target
  
  532651acde43a5fb82a5c4de5c3dd9ef5809e5a75d52bb9af1c672c08e8c9062
- Size
  
  229KB
- MD5
  
  9e75e88bc221168a2656f4e15a43ba64
- SHA1
  
  134b4da9bfc9a7ae133eca9549e4e4342b2786af
- SHA256
  
  532651acde43a5fb82a5c4de5c3dd9ef5809e5a75d52bb9af1c672c08e8c9062
- SHA512
  
  762a6115e23f354bfab3d3589ca3f5014a11ae46c1d632b53c787bfa7302c23b88f02f9628b111822c99e9b999a4ee48a7fda6ae00d09fb69c5a3df242d6a05f
- SSDEEP
  
  6144:8X/yyNg7ZdHwqqqJZfqHiQFdZ/Y4kIA5ZHH:8X/yEg7ZxhDfqH5FdKXXn
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral23 behavioral24
- Target
  
  54d317bff9681eb1d6bfd7691dd4096dd2bc4cc3a5a02be8f80aab623f349874
- Size
  
  232KB
- MD5
  
  d214bd2a3fa5111664d469fc7122fd5c
- SHA1
  
  4e43a71bdf9105bb1807a2dabc12b65c2b3a97aa
- SHA256
  
  54d317bff9681eb1d6bfd7691dd4096dd2bc4cc3a5a02be8f80aab623f349874
- SHA512
  
  72fe18156e719db170c54917c77dbf8dc710f546841280c9d46ecc9fe8033c7adaee477ccea12e243d4fbbea327ea4f01c2029d70f97043d59569b27197eb48b
- SSDEEP
  
  3072:B0YBL6oeaCIPOJye2AkEo1ov4VfTBooWhJsiOOMeflr6TVFoAYQ+YlKC:B0YB+/OOcHZtfT3sffMVFoAYQZlKC
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral25 behavioral26
- Target
  
  574c22b9ce95cd6205f7ff6bab0e414c1e0d6bc26070819ce1c1ba0ccb710930
- Size
  
  536KB
- MD5
  
  3c9e5813d657a8b03b14f79aaf59e5b1
- SHA1
  
  271b0ea62cf0c9a65788cbd170e0504277a88bbb
- SHA256
  
  574c22b9ce95cd6205f7ff6bab0e414c1e0d6bc26070819ce1c1ba0ccb710930
- SHA512
  
  1ed38864a77b2027914bd35062a8f10c79c012091ad0c97cbccf020ae1259220ff194631c9534aa4b9fea9886cd6a2e57d7bd6efc4bdb094cfd7f9481694337e
- SSDEEP
  
  6144:PtGrLFaxvDJDPAernALxwapvmNWz8+DeqXcnYxBCGvVpT0PFn0wccccccccaA8/f:FewD2OAONV+DeWZ7F9lF/BL96o
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral27 behavioral28
- Target
  
  6d76abe8ee33124ffde9dae2f6bccf7836b23ab3d0a92d9458b557c362c41e21
- Size
  
  593KB
- MD5
  
  2f066264a4e686e209d5f95c9ff2ce75
- SHA1
  
  c5a0e186fdacd4c8fb30964a13974b7896cb62e2
- SHA256
  
  6d76abe8ee33124ffde9dae2f6bccf7836b23ab3d0a92d9458b557c362c41e21
- SHA512
  
  06c2ed03f42e65aaf9a36606a29accc8fc9b0c3b5e12b845a13631b5199b1db1716731fd4402bdaa7f339cf6d3f1b9767ff99334e27c9cedb0871c966b1590a2
- SSDEEP
  
  12288:rSRaN5WNQz9cyoDuWhfCFYymJ6Ck83+QgF:u2WN89c8WWuJpgF
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral29 behavioral30
- Target
  
  76f01f1de9ec5556d4b90155924980e6783c41dc8a2d36c653f403418343496d
- Size
  
  153KB
- MD5
  
  1d200785aaa75b290e0353e4d9866c5e
- SHA1
  
  206e5579975086e046dd1f2b038f8cdac1a3c120
- SHA256
  
  76f01f1de9ec5556d4b90155924980e6783c41dc8a2d36c653f403418343496d
- SHA512
  
  2a435051e0f68293b807336a0edb1b38adb5e2d038209f9f0639052309cc4b4e022aa486700b57c845837704902e1868197ce820ee57467a14614e0bfeb108b1
- SSDEEP
  
  3072:5+FDrK71QkbstyJjCKICpC72s/mlaXIbqlw+UAKh/PmE:5+w713bstyJj0sC7/HEqlw+URRP
Score

10^/10

discovery ramnit banker evasion spyware stealer trojan upx worm
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Drops file in Drivers directory
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Modifies firewall policy service

Ramnit family

Executes dropped EXE

Loads dropped DLL

UPX packed file

Ramnit

Ramnit family

Loads dropped DLL

UPX packed file

Ramnit

Ramnit family

Executes dropped EXE

Loads dropped DLL

UPX packed file

Ramnit

Ramnit family

Executes dropped EXE

Loads dropped DLL

Ramnit

Ramnit family

Executes dropped EXE

Loads dropped DLL

UPX packed file

Modifies firewall policy service

Modifies security service

Modifies visiblity of hidden/system files in Explorer

Ramnit

Ramnit family

UAC bypass

Windows security bypass

Disables RegEdit via registry modification

Disables Task Manager via registry modification

Drops file in Drivers directory

Sets service image path in registry

Executes dropped EXE

Loads dropped DLL

Windows security modification

Adds Run key to start application

Checks whether UAC is enabled

UPX packed file

Ramnit

Ramnit family

Executes dropped EXE

Loads dropped DLL

UPX packed file

Ramnit

Ramnit family

Executes dropped EXE

Loads dropped DLL

UPX packed file

Ramnit

Ramnit family

Executes dropped EXE

Loads dropped DLL

UPX packed file

Ramnit

Ramnit family

Executes dropped EXE

Loads dropped DLL

UPX packed file

Ramnit

Ramnit family

Executes dropped EXE

Loads dropped DLL

UPX packed file

Ramnit

Ramnit family

Executes dropped EXE

Loads dropped DLL

UPX packed file

Ramnit

Ramnit family

Executes dropped EXE

Loads dropped DLL

UPX packed file