ramnit | 8f8821498d949c99ccb37134291c28a9125194bdfcbe06abe76910e7257465e9 | Triage

Submit
Reports

Overview

overview

Static

static

3

fbe9d1bfec...18.dll

windows7-x64

fbe9d1bfec...18.dll

windows10-2004-x64

7

Sharing

General

Target

fbe9d1bfecd4f46894f1e3570a010399_JaffaCakes118
Size

540KB
Sample

240420-ex5f6ahb3w
MD5

fbe9d1bfecd4f46894f1e3570a010399
SHA1

8f971b1d5880600111f7dfdade059f13038bc799
SHA256

8f8821498d949c99ccb37134291c28a9125194bdfcbe06abe76910e7257465e9
SHA512

63fc5edf97e6893f0954ccba988336438f22d2ea9f4f34ed4eb44fd7c614ea506c360a020eb57141bf0d4cecce3d6194e342529fafbf7325ab69629917fc327d
SSDEEP

6144:D08qM+fa7dCKdMF9qLWVHFOTNdTRfMI8suV:D08q67dCKdMfqL0HiHU

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fbe9d1bfecd4f46894f1e3570a010399_JaffaCakes118.dll

Resource

win7-20240215-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

fbe9d1bfecd4f46894f1e3570a010399_JaffaCakes118.dll

Resource

win10v2004-20240412-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  fbe9d1bfecd4f46894f1e3570a010399_JaffaCakes118
- Size
  
  540KB
- MD5
  
  fbe9d1bfecd4f46894f1e3570a010399
- SHA1
  
  8f971b1d5880600111f7dfdade059f13038bc799
- SHA256
  
  8f8821498d949c99ccb37134291c28a9125194bdfcbe06abe76910e7257465e9
- SHA512
  
  63fc5edf97e6893f0954ccba988336438f22d2ea9f4f34ed4eb44fd7c614ea506c360a020eb57141bf0d4cecce3d6194e342529fafbf7325ab69629917fc327d
- SSDEEP
  
  6144:D08qM+fa7dCKdMF9qLWVHFOTNdTRfMI8suV:D08q67dCKdMfqL0HiHU
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

© 2018-2024

Terms | Privacy