ramnit | 1c704dd9911e951ff3dc85c249908e2cac465f5a06d706607e33b3d1b56c7d87 | Triage

Submit
Reports

Overview

overview

Static

static

3

1a2ed9d7af...18.dll

windows7-x64

1a2ed9d7af...18.dll

windows10-2004-x64

Sharing

General

Target

1a2ed9d7af030d031d31b5f8f0f6b9e3_JaffaCakes118
Size

166KB
Sample

240628-p2341azgkf
MD5

1a2ed9d7af030d031d31b5f8f0f6b9e3
SHA1

50719a20b13ed790c8c3078661c986a0904f9cda
SHA256

1c704dd9911e951ff3dc85c249908e2cac465f5a06d706607e33b3d1b56c7d87
SHA512

64a82741af0086e71895ae1c44e3b5d2ac277d7d0622562969662ec2bab264f8b957e4711866445d22af7a73a5860707a7d22be5139aee22b5d97808f153e609
SSDEEP

3072:OTU56gVxj27NevROEuPvisOpkTv7L2GQ6uWr:l4wRj+qYvW4uWr

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1a2ed9d7af030d031d31b5f8f0f6b9e3_JaffaCakes118.dll

Resource

win7-20240611-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

1a2ed9d7af030d031d31b5f8f0f6b9e3_JaffaCakes118.dll

Resource

win10v2004-20240611-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  1a2ed9d7af030d031d31b5f8f0f6b9e3_JaffaCakes118
- Size
  
  166KB
- MD5
  
  1a2ed9d7af030d031d31b5f8f0f6b9e3
- SHA1
  
  50719a20b13ed790c8c3078661c986a0904f9cda
- SHA256
  
  1c704dd9911e951ff3dc85c249908e2cac465f5a06d706607e33b3d1b56c7d87
- SHA512
  
  64a82741af0086e71895ae1c44e3b5d2ac277d7d0622562969662ec2bab264f8b957e4711866445d22af7a73a5860707a7d22be5139aee22b5d97808f153e609
- SSDEEP
  
  3072:OTU56gVxj27NevROEuPvisOpkTv7L2GQ6uWr:l4wRj+qYvW4uWr
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy