Overview

overview

10

Static

static

3

2025-01-30...it.exe

windows7-x64

10

2025-01-30...it.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-01-30_16999a3560ab728a8c610319df9287a3_mafia_ramnit

  • Size

    231KB

  • Sample

    250130-jhn8vawrej

  • MD5

    16999a3560ab728a8c610319df9287a3

  • SHA1

    b3c8b0e7249c43222af09e571ef276d5c4525098

  • SHA256

    9143aa44226b6c1f03e6a829c181ea5177286d047687782ad2b420f7d893f436

  • SHA512

    41d181af34b7837958de32857dea62696501d15eda6cffb0a20006974d7080456480b7769743af94a015840fe3c8853e09a188a5d0282e7cd360ff366d10c43a

  • SSDEEP

    3072:wbjoN8s5ue4OiizxDMjfSZ+yNn/43cTpWxZZB3Jzb6d5/GmYffW1CnmrlkQJ9q:wbEN4idDMjfSZlNn/IcpGnzG/GmmlnW8

Score
10/10
ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      2025-01-30_16999a3560ab728a8c610319df9287a3_mafia_ramnit

    • Size

      231KB

    • MD5

      16999a3560ab728a8c610319df9287a3

    • SHA1

      b3c8b0e7249c43222af09e571ef276d5c4525098

    • SHA256

      9143aa44226b6c1f03e6a829c181ea5177286d047687782ad2b420f7d893f436

    • SHA512

      41d181af34b7837958de32857dea62696501d15eda6cffb0a20006974d7080456480b7769743af94a015840fe3c8853e09a188a5d0282e7cd360ff366d10c43a

    • SSDEEP

      3072:wbjoN8s5ue4OiizxDMjfSZ+yNn/43cTpWxZZB3Jzb6d5/GmYffW1CnmrlkQJ9q:wbEN4idDMjfSZlNn/IcpGnzG/GmmlnW8

    Score
    10/10
    ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Ramnit family

      ramnit

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks