Overview

overview

10

Static

static

7

1a1b268d10...18.dll

windows7-x64

10

1a1b268d10...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1a1b268d10ffcdc3200a42370ce7ac99_JaffaCakes118

  • Size

    787KB

  • Sample

    240628-plhs5ayhnf

  • MD5

    1a1b268d10ffcdc3200a42370ce7ac99

  • SHA1

    ddcf5b4e5350f6af84f1f35072e887909c538157

  • SHA256

    fddd8a1155040392de6207873bb353228237ae61f0026a35dba6efd5fdf3329e

  • SHA512

    82558bbc7f48de0a8a3c5f1eb7d70acb5a06957bc35cda2632c0b22e5503fc21f7e22eab9c5e9d5b7fbef40adf9341209f5eae41a533f6fdfd5ba61e5ef10498

  • SSDEEP

    12288:Q7Cx0aLl21dgY5Ax5q09jpZ4AAf4jB5th6ZgvkoSVRDFLJ+3Y4:Q7Cx7Ll21+g+j1Bd6ZgvwhG3

Score
10/10
ramnitbankerevasionspywarestealertrojanupxworm

Malware Config

Targets

    • Target

      1a1b268d10ffcdc3200a42370ce7ac99_JaffaCakes118

    • Size

      787KB

    • MD5

      1a1b268d10ffcdc3200a42370ce7ac99

    • SHA1

      ddcf5b4e5350f6af84f1f35072e887909c538157

    • SHA256

      fddd8a1155040392de6207873bb353228237ae61f0026a35dba6efd5fdf3329e

    • SHA512

      82558bbc7f48de0a8a3c5f1eb7d70acb5a06957bc35cda2632c0b22e5503fc21f7e22eab9c5e9d5b7fbef40adf9341209f5eae41a533f6fdfd5ba61e5ef10498

    • SSDEEP

      12288:Q7Cx0aLl21dgY5Ax5q09jpZ4AAf4jB5th6ZgvkoSVRDFLJ+3Y4:Q7Cx7Ll21+g+j1Bd6ZgvwhG3

    Score
    10/10
    ramnitbankerspywarestealertrojanupxwormevasion

    • Modifies firewall policy service

      evasion

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Modify Registry

1
T1112

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks