ramnit

Sharing

Copy URL

Twitter E-mail

General

Target

301735d22d85c8cf35f3d43acdb9b0cc_JaffaCakes118
Size

6.7MB
Sample

240510-vbyz9aaf76
MD5

301735d22d85c8cf35f3d43acdb9b0cc
SHA1

fd7b9442cf2fcd8673bb6f52d048acf5a3d7a2f6
SHA256

06a7c03d5bdd96a30a32cff0ae0f587fb0e7553b40c43034b90559584adc921f
SHA512

633fa09ce9c246d9550205177e5eedcd7a0869c9ef903d0fdc8567508b55995b042b9111733a008a80ce749291cc2d011b683fa75bf8f805bfa1524aede0a697
SSDEEP

196608:iWoy+yBXZqmOrwhQpo2bg//SYOjiqXJ/rC:pMyjqdQEoTiXiqZe

Score

10^/10

Malware Config

Targets

- Target
  
  Client.dll
- Size
  
  80KB
- MD5
  
  f3b416a29e6305c489cd507e92837347
- SHA1
  
  f873f68f05d4eea07a469fe95b67552079cebe39
- SHA256
  
  32037c20b69479f81e11a9aff78c112b554d4ebe27823421e508d7cb90b120ee
- SHA512
  
  bc0546690767e468b84491edb2e58bb22d8c86df59e31feb85eb97a22a6fbf1425201fc0ee0f493eaef2287519c1752430fef95f82064bee03ef40637bb805c2
- SSDEEP
  
  1536:jr2SHjX/yaZRcMIfI6qWm3i/ukIr7nuBTLF+e4m:jrtX/yajL6i3i/iQTR+lm
Score

3^/10
behavioral1 behavioral2
- Target
  
  Launcher.exe
- Size
  
  22KB
- MD5
  
  aa13e9eb5a58de238de748f3ac473f16
- SHA1
  
  92fed74817e5ac5995961dd57010dfdd9fabe0e9
- SHA256
  
  82f2ec3be22a48f15086fbbf7b5aea027c99247a26ac2897cb205c030891ad92
- SHA512
  
  296a33d9a380abd0b22f350e162e44ceffea3310c2509f1b21161e682e64622bf9d2d02e420a9fdd0335a62ef29ecaa8ccd874c1682b39c333d9ec7c283e5199
- SSDEEP
  
  384:m+LPB3jY/QHuGziKDeOKDVrsiKDeOKDVrOB:mc53M4HIbhb+
Score

1^/10
behavioral3 behavioral4
- Target
  
  MHPClient.dll
- Size
  
  557KB
- MD5
  
  92d15b22f560d38a6a627758845326e3
- SHA1
  
  86b136868bf8b164e44ff5876bb34e5f59353011
- SHA256
  
  ef1dd047bc2e025b664b410f0fd6a721b130efe876149689b6b10c59e888914e
- SHA512
  
  3f1c3bae4cb3793bb4c957656ffb5fc7bd3c440c893b7dcd8decfd128ab614a3538a49524ec70cc934fcb5df1242eb53c96a20632fb90cdc01b89362c4e2264c
- SSDEEP
  
  6144:1e4jTFs1XpYrR2yOZO1oZoKRBzDYCnvLyd:M4jJsZpM2IoZr/zDnnvLw
Score

8^/10
- Blocklisted process makes network request
behavioral5 behavioral6
- Target
  
  MHPVerify.dll
- Size
  
  54KB
- MD5
  
  aa4b5fede73428e54f2952516e72e123
- SHA1
  
  7f2adbe28a9c50aac750f93871eec5acf7e3f14a
- SHA256
  
  93f255d3e1aae1eb0a4203675895ada8861aa7f9446b5b5211f671567cce737f
- SHA512
  
  28e90e677d6638144b29b13ee1491ff3ca4b0a0e6262f26b33a29f9410a8a246789300bfc7a442c63398ecf88d7ce675f701705452b07395759e853082425f2a
- SSDEEP
  
  768:ELuDBwF7pP2nWqBYckJR3RcpZh+kkPlEdnTEDYYOioa8Luj9lm:79wJ2nMckrc+k0Ec8Luplm
Score

1^/10
behavioral7 behavioral8
- Target
  
  Main.dll
- Size
  
  301KB
- MD5
  
  9b66f99ae52d621352f31ee931fa6e3b
- SHA1
  
  78bcd566612cd37977c87139d1c72dc0107cd588
- SHA256
  
  eeaeded37a27eb8d96ad8a02156247d0467e5eede8318d57c9589403dddc0b17
- SHA512
  
  6a8fbb74fd1872a4807c516990c59b16bd1bca607cebf35eacedbf665c7b61d100759c4b255cd2a4495603114e773cbcde7eec75e1be07585d957624cc88b334
- SSDEEP
  
  768:Wh2JMH6vwm9SHNdmgRQDHDljFlqyjGk6UILZuWxpgTOZK+5MoXeKUa:Wh2WH6vOdXCPdzriLZ3xmOZJMSe5
Score

3^/10
behavioral10 behavioral9
- Target
  
  game.exe
- Size
  
  1.9MB
- MD5
  
  2f1f6aa9bb516209c91f8c224bda0738
- SHA1
  
  3131f1060fe9344e98a4c78c316e6712199b5708
- SHA256
  
  d6ff677e5d23d5764a71c40cca9dbd9544f1f65556bac7fdd925d9c4797f22ed
- SHA512
  
  d3517dc71bbb7d02d46af040ea6ae1cd4bdf5dba6096771802e68d69b8a45e4f657a41bd2da721013383ec2cfcd16d71ce025623df74f5ae979126ef8edb01b2
- SSDEEP
  
  49152:uvVsEEpX+PGwQT50D3oolHL3B/DIFcMnial:uvVWFWnHL3F0cMnZ
Score

1^/10
behavioral11 behavioral12
- Target
  
  main.exe
- Size
  
  4.4MB
- MD5
  
  27e243244a463df81e04d4da2a6ef587
- SHA1
  
  12534044da0cd25b560bac98947948dbcc487e0a
- SHA256
  
  b68d6db558167d66ed3a18b939a1a1ea8d1a0fe421e756f0269cf3950fb3485a
- SHA512
  
  973ae8da9ff652baa6617f5cdf7bee67f3f5bb01093e0422e30670acdeb11655527d687822840ffb763cf691069b20f1166d5039a8a22d449b21b3822a7456b6
- SSDEEP
  
  98304:JrSxPnI2HnaMixxuAeL4ZrDjDDUKtgEsrDXwYG4ENS2iK4O8SecE5ljRdPZq:JrSxPnI0naMixxuAeL4ZrDjDDd7WXw+h
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral13 behavioral14
- Target
  
  msvcp100.dll
- Size
  
  411KB
- MD5
  
  03e9314004f504a14a61c3d364b62f66
- SHA1
  
  0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d
- SHA256
  
  a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f
- SHA512
  
  2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d
- SSDEEP
  
  12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8
Score

3^/10
behavioral15 behavioral16
- Target
  
  msvcr100.dll
- Size
  
  752KB
- MD5
  
  67ec459e42d3081dd8fd34356f7cafc1
- SHA1
  
  1738050616169d5b17b5adac3ff0370b8c642734
- SHA256
  
  1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067
- SHA512
  
  9ed1c106df217e0b4e4fbd1f4275486ceba1d8a225d6c7e47b854b0b5e6158135b81be926f51db0ad5c624f9bd1d09282332cf064680dc9f7d287073b9686d33
- SSDEEP
  
  12288:fQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8hR5:ImCy3VQs9MtLjTgfa3kon9FaOdEz5
Score

3^/10
behavioral17 behavioral18
- Target
  
  msvcr110.dll
- Size
  
  842KB
- MD5
  
  80e987dbe08677e2ec09615cd4358607
- SHA1
  
  d2109b7a238ae75545c7a43f863ead710b00b323
- SHA256
  
  8a06500612ce1bb0aecf052dcccce619c85be7732cbaeac4d6b26b6ae2cc7f7b
- SHA512
  
  cb876bcddb2abd97d247efca8fa602d9edf0b63fad12ebb1f4f3426e227b0a35f35db19cba2a51f4f8124df435fdcf8844728dc883ebf3662b20393958345a45
- SSDEEP
  
  12288:xmCyHnj9n4Bljr2GcLnDtv+NqjJ+RBsEOhB7YEu0AU0yx7of3K4lpmZS:xmCyHj54Bln2lt2NqjofsbhxYz0APkS
Score

3^/10
behavioral19 behavioral20
- Target
  
  msvcr120.dll
- Size
  
  940KB
- MD5
  
  9c861c079dd81762b6c54e37597b7712
- SHA1
  
  62cb65a1d79e2c5ada0c7bfc04c18693567c90d0
- SHA256
  
  ad32240bb1de55c3f5fcac8789f583a17057f9d14914c538c2a7a5ad346b341c
- SHA512
  
  3aa770d6fba8590fdcf5d263cb2b3d2fae859e29d31ad482fbfbd700bcd602a013ac2568475999ef9fb06ae666d203d97f42181ec7344cba023a8534fb13acb7
- SSDEEP
  
  24576:FkZ+EUPoH5KTcAxt/qvRQdxQxO61kCS9mmWymzVPD:FkMAlM8ixQI5C6wl
Score

1^/10
behavioral21 behavioral22
- Target
  
  ogg.dll
- Size
  
  112KB
- MD5
  
  d52e13d52eda975a5b28569d9eef508b
- SHA1
  
  a3e5bb2dadce5e2639c7d05849090d2d636ab1c4
- SHA256
  
  be1dcb457ddf2d638da81d9189b80b28b640c8f97b0a5250cabb8d4864d8befa
- SHA512
  
  79d028f351dec2f1d042d304f4c068b2ec336c985dfd087551355282658825fb630e9b1ea46901eb00740c370b086f1b9277186198340ab1f9145df311c9913b
- SSDEEP
  
  1536:VVuM21dtTFNUrXrRoi05U4zu5Sx3onHYPw/GILIeqp+zOkGAqWLq:ViHCrXrRoi0nzuu3onHYPiGTebeWLq
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral23 behavioral24
- Target
  
  trz5772.tmp
- Size
  
  357KB
- MD5
  
  fc592db8685cdad6c47f9e528ae671ec
- SHA1
  
  0a1ce4abfbab088ebf89127dd8451920f17ff1fc
- SHA256
  
  dbf5082b39704e8bccdb3dcdd00a1657b37a9100bd29886ebe08a2002ba9219e
- SHA512
  
  d0621faa1633fc701d280d91d4089f2807df30e1e8e6f313e7e2ec7832ad241e8d69b6e5ca55ad679ad1b0b8914e7cf41fed7cf6eed21f03fc2a5155c5dba1f4
- SSDEEP
  
  3072:Mh2WH6vTPdzUxmOZJTe5CBUofY84n0N4mJauZA:3JTOZJy5CmofY8WOhA
Score

3^/10
behavioral25 behavioral26
- Target
  
  trzD978.tmp
- Size
  
  4.5MB
- MD5
  
  f27ad5c69224576e82f209ee94841e2e
- SHA1
  
  6105c5f1257654ab9db559a55f031b3a90f997b6
- SHA256
  
  5c073370e0a60e5cae62836868711cd8a9369142fc7389ea38a8d4e02e56e0d2
- SHA512
  
  2f57290b786a6ac47db7b2398536c18f0953d321e644890cc73cf670abcbc595995dd7f35e27404ed9cd18a3c0ecf87e41edd292b9bb9dcbc717297773c47d53
- SSDEEP
  
  98304:qrSxPnI2HnaMixxuAeL4ZrDjDDUKtgEsrDXwYG4ENS2iK4O8SecE5ljRdPZql:qrSxPnI0naMixxuAeL4ZrDjDDd7WXw+e
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral27 behavioral28
- Target
  
  vorbisfile.dll
- Size
  
  976KB
- MD5
  
  e7250bf54e288824e61160c65a6b31df
- SHA1
  
  d160c83b363c5c910036ba6575991408b3e1582e
- SHA256
  
  525d5849837c0451edc855172917b94a1b48010c781ba48f620efb9f5e597055
- SHA512
  
  571c92306a04c0d29dd9440ff302816fb1444a236f1257eb3c816664aaa1fcaaa889b3524dbc6ddbe3c8dc4c40a500eee0f912cea2ccf173a34813b06384f7a1
- SSDEEP
  
  3072:TqGX5jydWUVF5LFTBgbsi/K4zxkZ0lm6U58BX3ZnMR0ILJ:h2dWU75LFTBusWK4CVoX3yR0
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral29 behavioral30
- Target
  
  wzAudio.dll
- Size
  
  268KB
- MD5
  
  c7641aaee28ae2c392040af3642d850b
- SHA1
  
  047e0e1e16e4e1c6eb60e9f6e4bc793c1ade19a4
- SHA256
  
  6792663fca19d91d8092f4d2757295461024708830a7e5c1bf30f977d054deea
- SHA512
  
  6433f6cf1a312ba12fe0090b1beb0729506340b4a65af82db763b21f92811014d78b9bb0a7da1359090deb78ae43b8d01f4a3dc4c46abf6fad209e075043b84f
- SSDEEP
  
  6144:ONN8HLdduUyIeD0FiGAn4Myrmr0nzuu4nH5bR:OAddkIDVKu4Z9
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

UPX packed file

Ramnit

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in System32 directory

Ramnit

Executes dropped EXE

Loads dropped DLL

UPX packed file

Ramnit

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in System32 directory

Ramnit

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32