Overview

overview

10

Static

static

3

1adf0d5608...18.dll

windows7-x64

10

1adf0d5608...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1adf0d560866732a66a6c227fa3765a0_JaffaCakes118

  • Size

    885KB

  • Sample

    240701-l3wjrsydjn

  • MD5

    1adf0d560866732a66a6c227fa3765a0

  • SHA1

    64f91d3f02b829e6e6844391937886a7f5c5a5f1

  • SHA256

    2474d389b05dd2d08b201de73548d3acd8fbf0e2df76259be3e0264b34b23a38

  • SHA512

    35082be2e70baf12b4f903a3459eb3ed457b2dfa3b2b0a17e108e9244b689bc8e66b5460bbac54639522c895190fde637c00b02e53c54ef2a08349b713eb168f

  • SSDEEP

    24576:qL5/rmRsmDWDPNuFhPvYrpLYHSfcoopooLY9Nu0P+Fhp1:QK5hPILYHSfeY9nWFhz

Score
10/10
ramnitbankerpersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      1adf0d560866732a66a6c227fa3765a0_JaffaCakes118

    • Size

      885KB

    • MD5

      1adf0d560866732a66a6c227fa3765a0

    • SHA1

      64f91d3f02b829e6e6844391937886a7f5c5a5f1

    • SHA256

      2474d389b05dd2d08b201de73548d3acd8fbf0e2df76259be3e0264b34b23a38

    • SHA512

      35082be2e70baf12b4f903a3459eb3ed457b2dfa3b2b0a17e108e9244b689bc8e66b5460bbac54639522c895190fde637c00b02e53c54ef2a08349b713eb168f

    • SSDEEP

      24576:qL5/rmRsmDWDPNuFhPvYrpLYHSfcoopooLY9Nu0P+Fhp1:QK5hPILYHSfeY9nWFhz

    Score
    10/10
    ramnitbankerpersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks