ramnit | 4a113e9217bfc48c1c79f17fec663637b92066af1dd82c9d8cf25cd0d5eda115 | Triage

Submit
Reports

Overview

overview

Static

static

3

19f258dc2e...18.dll

windows7-x64

19f258dc2e...18.dll

windows10-2004-x64

Sharing

General

Target

19f258dc2ec48604dbc1552a8881fce1_JaffaCakes118
Size

636KB
Sample

240628-nkz6cazcpn
MD5

19f258dc2ec48604dbc1552a8881fce1
SHA1

9802c31fa930c682e7a7e7454263d4a484c90b07
SHA256

4a113e9217bfc48c1c79f17fec663637b92066af1dd82c9d8cf25cd0d5eda115
SHA512

4572f9cc0336c28741145bdbb2b223e08ab862c3c1cbd0ecab7ee4262bec62899770bafde7a1ff9438378b44feb0a5d91ea9a795b740dcae8a7e707f0aeda371
SSDEEP

12288:7ehnaNPpSVZmNxRCwnwm3W3OHIIf5B5QlqMuCqbZYJF:7eh0PpS6NxNnwYeOHXj2qMu3K

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

19f258dc2ec48604dbc1552a8881fce1_JaffaCakes118.dll

Resource

win7-20240508-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

19f258dc2ec48604dbc1552a8881fce1_JaffaCakes118.dll

Resource

win10v2004-20240508-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  19f258dc2ec48604dbc1552a8881fce1_JaffaCakes118
- Size
  
  636KB
- MD5
  
  19f258dc2ec48604dbc1552a8881fce1
- SHA1
  
  9802c31fa930c682e7a7e7454263d4a484c90b07
- SHA256
  
  4a113e9217bfc48c1c79f17fec663637b92066af1dd82c9d8cf25cd0d5eda115
- SHA512
  
  4572f9cc0336c28741145bdbb2b223e08ab862c3c1cbd0ecab7ee4262bec62899770bafde7a1ff9438378b44feb0a5d91ea9a795b740dcae8a7e707f0aeda371
- SSDEEP
  
  12288:7ehnaNPpSVZmNxRCwnwm3W3OHIIf5B5QlqMuCqbZYJF:7eh0PpS6NxNnwYeOHXj2qMu3K
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy