ramnit | a19943c5d4123d462ce23393bab49af847e0db71b015bfc718ac6804538ead3c | Triage

Submit
Reports

Overview

overview

Static

static

3

18bc66e2a2...18.dll

windows7-x64

18bc66e2a2...18.dll

windows10-2004-x64

Sharing

General

Target

18bc66e2a2767fef1ec34d7489725fa6_JaffaCakes118
Size

166KB
Sample

240628-etb1fa1aje
MD5

18bc66e2a2767fef1ec34d7489725fa6
SHA1

cbf408cd65df80721c810b8331eb9a8027bb4b71
SHA256

a19943c5d4123d462ce23393bab49af847e0db71b015bfc718ac6804538ead3c
SHA512

eba4afe259925980904194cc942987202a7ace61fff5bfd9b43b31ebf7925087653499a87dfd40c4574d31a86c765c44cbefe71637591587ff5e2183f034b06d
SSDEEP

3072:ITU56gVxj27Neqk7s7xl0MQdLm+p04xUBTpwG5:r4go0MQEM00EdwG5

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

18bc66e2a2767fef1ec34d7489725fa6_JaffaCakes118.dll

Resource

win7-20240508-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

18bc66e2a2767fef1ec34d7489725fa6_JaffaCakes118.dll

Resource

win10v2004-20240508-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  18bc66e2a2767fef1ec34d7489725fa6_JaffaCakes118
- Size
  
  166KB
- MD5
  
  18bc66e2a2767fef1ec34d7489725fa6
- SHA1
  
  cbf408cd65df80721c810b8331eb9a8027bb4b71
- SHA256
  
  a19943c5d4123d462ce23393bab49af847e0db71b015bfc718ac6804538ead3c
- SHA512
  
  eba4afe259925980904194cc942987202a7ace61fff5bfd9b43b31ebf7925087653499a87dfd40c4574d31a86c765c44cbefe71637591587ff5e2183f034b06d
- SSDEEP
  
  3072:ITU56gVxj27Neqk7s7xl0MQdLm+p04xUBTpwG5:r4go0MQEM00EdwG5
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy