ramnit | 28275e93219610855522bcfe34afb25f571c5eeedfa805ca2689d3ce7bba9086 | Triage

Submit
Reports

Overview

overview

Static

static

7

1be78540dc...18.dll

windows7-x64

1be78540dc...18.dll

windows10-2004-x64

Sharing

General

Target

1be78540dc5a5d2a6d82abbd8139f57e_JaffaCakes118
Size

157KB
Sample

240701-v7bvlavbjq
MD5

1be78540dc5a5d2a6d82abbd8139f57e
SHA1

85fe7c0656e61aaad685c77b44c58cc21a594006
SHA256

28275e93219610855522bcfe34afb25f571c5eeedfa805ca2689d3ce7bba9086
SHA512

a941f982eec5e1860333fe7f391035265513af457f239173682194a8ce556bbcd061062fc08ed74871386012306f2199c69fd2b1810fcc7ec171954aec93d3d7
SSDEEP

3072:wxbjR9outXvCOS8DD8RAenjlGvLKFhK+hHnO+nQOtsL25QdZr94:wxfnoSnDqn5ALmM+hHtQjSEZ54

Score

10^/10

ramnit banker evasion spyware stealer trojan upx worm

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

1be78540dc5a5d2a6d82abbd8139f57e_JaffaCakes118.dll

Resource

win7-20240220-en

ramnit banker spyware stealer trojan upx worm

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

1be78540dc5a5d2a6d82abbd8139f57e_JaffaCakes118.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  1be78540dc5a5d2a6d82abbd8139f57e_JaffaCakes118
- Size
  
  157KB
- MD5
  
  1be78540dc5a5d2a6d82abbd8139f57e
- SHA1
  
  85fe7c0656e61aaad685c77b44c58cc21a594006
- SHA256
  
  28275e93219610855522bcfe34afb25f571c5eeedfa805ca2689d3ce7bba9086
- SHA512
  
  a941f982eec5e1860333fe7f391035265513af457f239173682194a8ce556bbcd061062fc08ed74871386012306f2199c69fd2b1810fcc7ec171954aec93d3d7
- SSDEEP
  
  3072:wxbjR9outXvCOS8DD8RAenjlGvLKFhK+hHnO+nQOtsL25QdZr94:wxfnoSnDqn5ALmM+hHtQjSEZ54
Score

10^/10

ramnit banker spyware stealer trojan upx worm evasion
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

© 2018-2024

Terms | Privacy