Overview

overview

10

Static

static

3

15d00fc2ef...18.dll

windows7-x64

10

15d00fc2ef...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    15d00fc2efbd85c50422b973081840bc_JaffaCakes118

  • Size

    337KB

  • Sample

    240627-ngqgqsycrh

  • MD5

    15d00fc2efbd85c50422b973081840bc

  • SHA1

    cf3d6bc5ebf9d8d989166adbfd967be2bef3ef74

  • SHA256

    dd32e1e9e2417e47708a7553a41bfcf5208bd3ca89a7f04742b202c910483e25

  • SHA512

    c91c07e4355a5887d058ea5f10b402792730c0d3f8e221a130a78eb9371d0667fc96e7111ac5337f144d12ff29b9f9a590ee454936d747abd29e5fa1c4cbd02a

  • SSDEEP

    6144:qN0yr1sO/wIKS0FKtOT/OrDtgUi0uvQee7Qee/0QeesQeeglQeekQeeDC7M3HCRD:qG6wndYtamDSU1MHCRflZ

Score
10/10
ramnitbankerpersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      15d00fc2efbd85c50422b973081840bc_JaffaCakes118

    • Size

      337KB

    • MD5

      15d00fc2efbd85c50422b973081840bc

    • SHA1

      cf3d6bc5ebf9d8d989166adbfd967be2bef3ef74

    • SHA256

      dd32e1e9e2417e47708a7553a41bfcf5208bd3ca89a7f04742b202c910483e25

    • SHA512

      c91c07e4355a5887d058ea5f10b402792730c0d3f8e221a130a78eb9371d0667fc96e7111ac5337f144d12ff29b9f9a590ee454936d747abd29e5fa1c4cbd02a

    • SSDEEP

      6144:qN0yr1sO/wIKS0FKtOT/OrDtgUi0uvQee7Qee/0QeesQeeglQeekQeeDC7M3HCRD:qG6wndYtamDSU1MHCRflZ

    Score
    10/10
    ramnitbankerpersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks