ramnit | 4c8b9e8fd6de1ff5a98e6140da0b0fac4ec7a331ef4cd529ff5b012a7342ad10 | Triage

Submit
Reports

Overview

overview

Static

static

3

1fc07c4847...18.exe

windows7-x64

1fc07c4847...18.exe

windows10-2004-x64

Sharing

General

Target

1fc07c484706bae06fb3dc02d6f44bde_JaffaCakes118
Size

186KB
Sample

240702-sf8zxascpr
MD5

1fc07c484706bae06fb3dc02d6f44bde
SHA1

0575d93fb741ccd3f96c70885854ee9f304b704d
SHA256

4c8b9e8fd6de1ff5a98e6140da0b0fac4ec7a331ef4cd529ff5b012a7342ad10
SHA512

2e89426b844d90b59dea0dd2bc06b06c087ec4f518d6aee57c4c0c8898d4e4bfe8a061467d25f54c9d398007889630b8245673cd6e282db3cab33da1f4dbd0c2
SSDEEP

3072:uBKwcvdwuxdWikJR/RMqIgNytCMxA6LeERHP0E1WVKjbsTg:uBKwcvdneWlBtCAA6LoFAPx

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1fc07c484706bae06fb3dc02d6f44bde_JaffaCakes118.exe

Resource

win7-20240508-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

1fc07c484706bae06fb3dc02d6f44bde_JaffaCakes118.exe

Resource

win10v2004-20240508-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  1fc07c484706bae06fb3dc02d6f44bde_JaffaCakes118
- Size
  
  186KB
- MD5
  
  1fc07c484706bae06fb3dc02d6f44bde
- SHA1
  
  0575d93fb741ccd3f96c70885854ee9f304b704d
- SHA256
  
  4c8b9e8fd6de1ff5a98e6140da0b0fac4ec7a331ef4cd529ff5b012a7342ad10
- SHA512
  
  2e89426b844d90b59dea0dd2bc06b06c087ec4f518d6aee57c4c0c8898d4e4bfe8a061467d25f54c9d398007889630b8245673cd6e282db3cab33da1f4dbd0c2
- SSDEEP
  
  3072:uBKwcvdwuxdWikJR/RMqIgNytCMxA6LeERHP0E1WVKjbsTg:uBKwcvdneWlBtCAA6LoFAPx
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy