ramnit | 1204fcc6df6642257959c441fdfd562907b7135ebfe3dfaa8441e8f372376594 | Triage

Submit
Reports

Overview

overview

Static

static

3

1204fcc6df...94.exe

windows7-x64

1204fcc6df...94.exe

windows10-2004-x64

Sharing

General

Target

1204fcc6df6642257959c441fdfd562907b7135ebfe3dfaa8441e8f372376594
Size

938KB
Sample

240630-w8d7sasdjc
MD5

4e4010befd36c75466ee97219d47b261
SHA1

9dc92bcdf210ba38ad6c6a84f3993043f2fc983c
SHA256

1204fcc6df6642257959c441fdfd562907b7135ebfe3dfaa8441e8f372376594
SHA512

7453ef520a0af5e51975d063daf5b65e8d7c8432b36aeca5d5380ad8345741bbf42291b0c5d3a4b17cf9b416b246691bfada5fb3a6840b1a78187c3bff3455cf
SSDEEP

12288:47+G+rcR2BWcjL1JLs4Y6CRdz69HiJENgz5QDA6dVxawwMScxn/32XOG1T:47dRK85ro5RVxRScBf2XO0

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1204fcc6df6642257959c441fdfd562907b7135ebfe3dfaa8441e8f372376594.exe

Resource

win7-20240611-en

ramnit banker spyware stealer trojan upx worm

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

1204fcc6df6642257959c441fdfd562907b7135ebfe3dfaa8441e8f372376594.exe

Resource

win10v2004-20240611-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  1204fcc6df6642257959c441fdfd562907b7135ebfe3dfaa8441e8f372376594
- Size
  
  938KB
- MD5
  
  4e4010befd36c75466ee97219d47b261
- SHA1
  
  9dc92bcdf210ba38ad6c6a84f3993043f2fc983c
- SHA256
  
  1204fcc6df6642257959c441fdfd562907b7135ebfe3dfaa8441e8f372376594
- SHA512
  
  7453ef520a0af5e51975d063daf5b65e8d7c8432b36aeca5d5380ad8345741bbf42291b0c5d3a4b17cf9b416b246691bfada5fb3a6840b1a78187c3bff3455cf
- SSDEEP
  
  12288:47+G+rcR2BWcjL1JLs4Y6CRdz69HiJENgz5QDA6dVxawwMScxn/32XOG1T:47dRK85ro5RVxRScBf2XO0
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy