ramnit | 86584928126b210987919b533525f52937b87a2877130a39d456a37ccb9ee828 | Triage

Submit
Reports

Overview

overview

Static

static

7

1a4e0616d3...18.exe

windows7-x64

7

1a4e0616d3...18.exe

windows10-2004-x64

Sharing

General

Target

1a4e0616d3bb6faaae67c2b9655b3691_JaffaCakes118
Size

792KB
Sample

240628-qr8geasbjb
MD5

1a4e0616d3bb6faaae67c2b9655b3691
SHA1

1063f0d26a161d91dec14755a65862be23f4d011
SHA256

86584928126b210987919b533525f52937b87a2877130a39d456a37ccb9ee828
SHA512

5d76bd1801a66e51d326aabc15e7fb3464590726101e72789917d287b1c5eb1afe48c4be5933f46091f555e5b7f918cb164eabfba77a131af2c92e37e3402c58
SSDEEP

12288:FEnnhoUxDJKzPNZeO+2HBtIEMt/4FylEQKvC9ss+jJwdmDHif/uuhbJ2XyiCyai:JQaZx+2jIE0/jGgPghTspJ2kyn

Score

10^/10

ramnit sality backdoor banker evasion persistence privilege_escalation spyware stealer trojan upx worm

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

1a4e0616d3bb6faaae67c2b9655b3691_JaffaCakes118.exe

Resource

win7-20240220-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

1a4e0616d3bb6faaae67c2b9655b3691_JaffaCakes118.exe

Resource

win10v2004-20240611-en

ramnit sality backdoor banker evasion persistence privilege_escalation spyware stealer trojan upx worm

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  1a4e0616d3bb6faaae67c2b9655b3691_JaffaCakes118
- Size
  
  792KB
- MD5
  
  1a4e0616d3bb6faaae67c2b9655b3691
- SHA1
  
  1063f0d26a161d91dec14755a65862be23f4d011
- SHA256
  
  86584928126b210987919b533525f52937b87a2877130a39d456a37ccb9ee828
- SHA512
  
  5d76bd1801a66e51d326aabc15e7fb3464590726101e72789917d287b1c5eb1afe48c4be5933f46091f555e5b7f918cb164eabfba77a131af2c92e37e3402c58
- SSDEEP
  
  12288:FEnnhoUxDJKzPNZeO+2HBtIEMt/4FylEQKvC9ss+jJwdmDHif/uuhbJ2XyiCyai:JQaZx+2jIE0/jGgPghTspJ2kyn
Score

10^/10

upx ramnit sality backdoor banker evasion persistence privilege_escalation spyware stealer trojan worm
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Abuse Elevation Control Mechanism

Bypass User Account Control

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Disable or Modify System Firewall

Abuse Elevation Control Mechanism

Bypass User Account Control

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

ramnitsalitybackdoorbankerevasionpersistenceprivilege_escalationspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy