ramnit | d9903b3f3f63da64acb7ec45ebc26b8239840c7efa29a20933d62bd2c28b3d67 | Triage

Submit
Reports

Overview

overview

Static

static

3

17555e2385...18.exe

windows7-x64

17555e2385...18.exe

windows10-2004-x64

Sharing

General

Target

17555e2385b38ef8f73ad76211e74fd1_JaffaCakes118
Size

168KB
Sample

240627-yqqh7szfrp
MD5

17555e2385b38ef8f73ad76211e74fd1
SHA1

5183e4999d648d6ffbafc744a72f5c07301ef51d
SHA256

d9903b3f3f63da64acb7ec45ebc26b8239840c7efa29a20933d62bd2c28b3d67
SHA512

e04cc2fdf0e05807a3202905315bf1e564f2d108b23caeb160ab2c3cc8c188a4f1a2b59a09df3ff5cb473ff70b19b8d5f213d60b832b7b9e278ca6a8334b3a9b
SSDEEP

3072:Dxf026qbJ1y4GNq5jz+/YiMaY7lsSMsp7P+unkRYx5w:oqHGoq/TMFh1Mspi5n

Score

10^/10

ramnit sality backdoor banker evasion spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

17555e2385b38ef8f73ad76211e74fd1_JaffaCakes118.exe

Resource

win7-20240611-en

ramnit sality backdoor banker evasion spyware stealer trojan upx worm

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

17555e2385b38ef8f73ad76211e74fd1_JaffaCakes118.exe

Resource

win10v2004-20240508-en

ramnit sality backdoor banker evasion spyware stealer trojan upx worm

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  17555e2385b38ef8f73ad76211e74fd1_JaffaCakes118
- Size
  
  168KB
- MD5
  
  17555e2385b38ef8f73ad76211e74fd1
- SHA1
  
  5183e4999d648d6ffbafc744a72f5c07301ef51d
- SHA256
  
  d9903b3f3f63da64acb7ec45ebc26b8239840c7efa29a20933d62bd2c28b3d67
- SHA512
  
  e04cc2fdf0e05807a3202905315bf1e564f2d108b23caeb160ab2c3cc8c188a4f1a2b59a09df3ff5cb473ff70b19b8d5f213d60b832b7b9e278ca6a8334b3a9b
- SSDEEP
  
  3072:Dxf026qbJ1y4GNq5jz+/YiMaY7lsSMsp7P+unkRYx5w:oqHGoq/TMFh1Mspi5n
Score

10^/10

ramnit sality backdoor banker evasion spyware stealer trojan upx worm
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Disable or Modify System Firewall

Abuse Elevation Control Mechanism

Bypass User Account Control

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ramnitsalitybackdoorbankerevasionspywarestealertrojanupxworm

behavioral2

ramnitsalitybackdoorbankerevasionspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy