ramnit | f60a31d9aa18bc8a5454ec6fcff16e10d5409f8234be0d23ebe2567e5c102b60 | Triage

Submit
Reports

Overview

overview

Static

static

3

f60a31d9aa...60.dll

windows7-x64

f60a31d9aa...60.dll

windows10-2004-x64

Sharing

General

Target

f60a31d9aa18bc8a5454ec6fcff16e10d5409f8234be0d23ebe2567e5c102b60.exe
Size

204KB
Sample

250102-nrv5zasrek
MD5

92c64a9f109207ebe0f47e8fbd9e76a9
SHA1

8238e7ab8334fa276b88bf8df8db29a7c9bacc1a
SHA256

f60a31d9aa18bc8a5454ec6fcff16e10d5409f8234be0d23ebe2567e5c102b60
SHA512

acdc54fc7ed54d915ab4771492ee89caf88528e3448e43ea80d2ee9fa6567c98d22c19884e4fcda807224030aac2a524efb5c565123fba97a7f399ff401d7032
SSDEEP

3072:wgB3oFE5TT7z3EAS1uvY8XDxr3gNO0QO8rH/PyLpiuwRTzDZu:/1F33Eov9XDJgNAfqqRA

Score

10^/10

ramnit banker discovery evasion spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f60a31d9aa18bc8a5454ec6fcff16e10d5409f8234be0d23ebe2567e5c102b60.dll

Resource

win7-20240903-en

ramnit banker discovery spyware stealer trojan upx worm

windows7-x64

11 signatures

120 seconds

Behavioral task

behavioral2

Sample

f60a31d9aa18bc8a5454ec6fcff16e10d5409f8234be0d23ebe2567e5c102b60.dll

Resource

win10v2004-20241007-en

discovery evasion upx

windows10-2004-x64

11 signatures

120 seconds

Malware Config

Targets

- Target
  
  f60a31d9aa18bc8a5454ec6fcff16e10d5409f8234be0d23ebe2567e5c102b60.exe
- Size
  
  204KB
- MD5
  
  92c64a9f109207ebe0f47e8fbd9e76a9
- SHA1
  
  8238e7ab8334fa276b88bf8df8db29a7c9bacc1a
- SHA256
  
  f60a31d9aa18bc8a5454ec6fcff16e10d5409f8234be0d23ebe2567e5c102b60
- SHA512
  
  acdc54fc7ed54d915ab4771492ee89caf88528e3448e43ea80d2ee9fa6567c98d22c19884e4fcda807224030aac2a524efb5c565123fba97a7f399ff401d7032
- SSDEEP
  
  3072:wgB3oFE5TT7z3EAS1uvY8XDxr3gNO0QO8rH/PyLpiuwRTzDZu:/1F33Eov9XDJgNAfqqRA
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm evasion
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdiscoveryspywarestealertrojanupxworm

behavioral2

discoveryevasionupx

© 2018-2025

Terms | Privacy