General

  • Target

    2025-02-27_93e46ab61e8d5002ac6b6a81820de9d5_mafia_ramnit

  • Size

    922KB

  • Sample

    250227-hv4zdszsbt

  • MD5

    93e46ab61e8d5002ac6b6a81820de9d5

  • SHA1

    bb28e2b1e2625de957f538a2b383870298eceb6e

  • SHA256

    128c27b6f1a779ee6f4c09b6b4199a1f4dcd0add5e56509370ad8093d6ccec1a

  • SHA512

    15f55fb724de989522851d6ea66d5cc9388565ef28a7689ca5b944f0b50f50ed33219eb109d4935f904f8d715a12167e8b24afc719aab4eeaa4a8667f76464c4

  • SSDEEP

    12288:cnKLeSOUbeP3Dc3wOZAaSKq89Ij07qVJZiKZO1xqd7JNEyTczBCQ+euSPxKE0INB:6Tc3wOya5dijyKJTZogd7JSb+f03gYr

Malware Config

Extracted

Family

vidar

Version

10.8

C2

http://idgent.top/

Targets

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • Ramnit family

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Vidar Stealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks