ramnit | f5121b574648f600b6345c49c2e6fe1f699dd8b7e30f5f8941bab1e6bfb6b8d3 | Triage

Submit
Reports

Overview

overview

Static

static

3

f5121b5746...d3.exe

windows7-x64

f5121b5746...d3.exe

windows10-2004-x64

Sharing

General

Target

f5121b574648f600b6345c49c2e6fe1f699dd8b7e30f5f8941bab1e6bfb6b8d3
Size

176KB
Sample

241231-gm1fka1lew
MD5

c9567bfe37a45f6807c0b8efa58708be
SHA1

3bbe0f649376f3b77593dc70a5ace0b3a31f289b
SHA256

f5121b574648f600b6345c49c2e6fe1f699dd8b7e30f5f8941bab1e6bfb6b8d3
SHA512

901c784cc7e81e4bca3782846b42b3543327983126fc025bd1ace833025da6f7ef8840b90c44cf4f42ec76490c0890194cf051c064c1bf7bcbf8ed3c80bc2cc6
SSDEEP

3072:W4dkMa8usOxTBI/j6/aBI8uiSiZjGqY1zY39KELBJ5LkbEW+d0c0irf:mcAu2CBI8uR0A0NKELB7kb9NUrf

Score

10^/10

ramnit sality backdoor banker discovery evasion spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f5121b574648f600b6345c49c2e6fe1f699dd8b7e30f5f8941bab1e6bfb6b8d3.exe

Resource

win7-20240903-en

ramnit sality backdoor banker discovery evasion spyware stealer trojan upx worm

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

f5121b574648f600b6345c49c2e6fe1f699dd8b7e30f5f8941bab1e6bfb6b8d3.exe

Resource

win10v2004-20241007-en

ramnit sality backdoor banker discovery evasion spyware stealer trojan upx worm

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  f5121b574648f600b6345c49c2e6fe1f699dd8b7e30f5f8941bab1e6bfb6b8d3
- Size
  
  176KB
- MD5
  
  c9567bfe37a45f6807c0b8efa58708be
- SHA1
  
  3bbe0f649376f3b77593dc70a5ace0b3a31f289b
- SHA256
  
  f5121b574648f600b6345c49c2e6fe1f699dd8b7e30f5f8941bab1e6bfb6b8d3
- SHA512
  
  901c784cc7e81e4bca3782846b42b3543327983126fc025bd1ace833025da6f7ef8840b90c44cf4f42ec76490c0890194cf051c064c1bf7bcbf8ed3c80bc2cc6
- SSDEEP
  
  3072:W4dkMa8usOxTBI/j6/aBI8uiSiZjGqY1zY39KELBJ5LkbEW+d0c0irf:mcAu2CBI8uR0A0NKELB7kb9NUrf
Score

10^/10

ramnit sality backdoor banker discovery evasion spyware stealer trojan upx worm
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitsalitybackdoorbankerdiscoveryevasionspywarestealertrojanupxworm

behavioral2

ramnitsalitybackdoorbankerdiscoveryevasionspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy