ramnit | 9e19c4b9e6c9e8715b20a36bdfda405ca12cfd26adb1ec6316a4f7256c60884b | Triage

Submit
Reports

Overview

overview

Static

static

3

180585584c...18.dll

windows7-x64

180585584c...18.dll

windows10-2004-x64

Sharing

General

Target

180585584c14d9afbaa0670fad166c5f_JaffaCakes118
Size

832KB
Sample

240627-3x82cazbkd
MD5

180585584c14d9afbaa0670fad166c5f
SHA1

500b7099db374c718f3fd3a399750ad44bb74138
SHA256

9e19c4b9e6c9e8715b20a36bdfda405ca12cfd26adb1ec6316a4f7256c60884b
SHA512

4d685d7e7fb4a868d7cc622209c14e1f3a862b34aa0b13d4aca02ce5fce2278a5ed1e1ba89c7255f5ccf0c1f608bde1a55de527b6855ffa587743b3552c91e44
SSDEEP

12288:tPTv+CFW4hPdahP/RN2kU7fWS36pweWGJr619QV4qqxEnEk3D6qC5Uju80rv1mNs:tPSH4hQP/RN2fLqNK9QV4qBH1edefKP

Score

10^/10

ramnit sality backdoor banker evasion persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

180585584c14d9afbaa0670fad166c5f_JaffaCakes118.dll

Resource

win7-20240220-en

ramnit sality backdoor banker evasion persistence spyware stealer trojan upx worm

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

180585584c14d9afbaa0670fad166c5f_JaffaCakes118.dll

Resource

win10v2004-20240508-en

ramnit sality backdoor banker evasion spyware stealer trojan upx worm

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  180585584c14d9afbaa0670fad166c5f_JaffaCakes118
- Size
  
  832KB
- MD5
  
  180585584c14d9afbaa0670fad166c5f
- SHA1
  
  500b7099db374c718f3fd3a399750ad44bb74138
- SHA256
  
  9e19c4b9e6c9e8715b20a36bdfda405ca12cfd26adb1ec6316a4f7256c60884b
- SHA512
  
  4d685d7e7fb4a868d7cc622209c14e1f3a862b34aa0b13d4aca02ce5fce2278a5ed1e1ba89c7255f5ccf0c1f608bde1a55de527b6855ffa587743b3552c91e44
- SSDEEP
  
  12288:tPTv+CFW4hPdahP/RN2kU7fWS36pweWGJr619QV4qqxEnEk3D6qC5Uju80rv1mNs:tPSH4hQP/RN2fLqNK9QV4qBH1edefKP
Score

10^/10

ramnit sality backdoor banker evasion persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Disable or Modify System Firewall

Abuse Elevation Control Mechanism

Bypass User Account Control

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ramnitsalitybackdoorbankerevasionpersistencespywarestealertrojanupxworm

behavioral2

ramnitsalitybackdoorbankerevasionspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy