ramnit

Sharing

Copy URL

Twitter E-mail

General

Target

698020a6be072ea51b7d567211d9e7b3_JaffaCakes118
Size

50.6MB
Sample

240523-dbxczsbd95
MD5

698020a6be072ea51b7d567211d9e7b3
SHA1

450806dfd7417595acae53348facaefe9e59ad84
SHA256

e51bac091a171091098a61a2706c410ff7896d04f1f82bcec6c8b42447544805
SHA512

b3e42c904f0c7ca1da8b5ac34b50b750457870f244209847496b435080874bb0d0de5ac2f8544621838b6038600aeac084ade9a45720df9d27afcb129c8199ad
SSDEEP

1572864:Q+EAwSRiSpQ9tig0IkEdQvWEO6/iSJCkvfh7D2KuI:3wMCXiek7uEogh7D2A

Score

10^/10

Malware Config

Targets

- Target
  
  698020a6be072ea51b7d567211d9e7b3_JaffaCakes118
- Size
  
  50.6MB
- MD5
  
  698020a6be072ea51b7d567211d9e7b3
- SHA1
  
  450806dfd7417595acae53348facaefe9e59ad84
- SHA256
  
  e51bac091a171091098a61a2706c410ff7896d04f1f82bcec6c8b42447544805
- SHA512
  
  b3e42c904f0c7ca1da8b5ac34b50b750457870f244209847496b435080874bb0d0de5ac2f8544621838b6038600aeac084ade9a45720df9d27afcb129c8199ad
- SSDEEP
  
  1572864:Q+EAwSRiSpQ9tig0IkEdQvWEO6/iSJCkvfh7D2KuI:3wMCXiek7uEogh7D2A
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/ButtonEvent.dll
- Size
  
  4KB
- MD5
  
  fad9d09fc0267e8513b8628e767b2604
- SHA1
  
  bea76a7621c07b30ed90bedef4d608a5b9e15300
- SHA256
  
  5d913c6be9c9e13801acc5d78b11d9f3cd42c1b3b3cad8272eb6e1bfb06730c2
- SHA512
  
  b39c5ea8aea0640f5a32a1fc03e8c8382a621c168980b3bc5e2897932878003b2b8ef75b3ad68149c35420d652143e2ef763b6a47d84ec73621017f0273e2805
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/MyNsisExtend.dll
- Size
  
  596KB
- MD5
  
  37e4e1ab9aee0596c2fa5888357a63b0
- SHA1
  
  a5dba8c0a1bd936dca2b6a81f2dc9a3005f1a2b6
- SHA256
  
  ff4b245fea98cedd881ca102468623a449a0b40df0c557dd8a6ea32e788d56fe
- SHA512
  
  5cbab2872683079c6cc09423a2baf7107b5ac5731f336cd237fa93a4a4ee53a127963dc0ec0dbc6168b9b3d2c3a881c7663ce4ecd84d964628dd566395d49bb3
- SSDEEP
  
  12288:1QXznhWxifqPG8yDAay0BQeMrtQW27ZJ6ObWTE5lqtmsVsIdj:1QXznYybPJnWTE5lqwsKG
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  a5f8399a743ab7f9c88c645c35b1ebb5
- SHA1
  
  168f3c158913b0367bf79fa413357fbe97018191
- SHA256
  
  dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
- SHA512
  
  824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
- SSDEEP
  
  192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  67KB
- MD5
  
  bd05feb8825b15dcdd9100d478f04e17
- SHA1
  
  a67d82be96a439ce1c5400740da5c528f7f550e0
- SHA256
  
  4972cca9555b7e5dcb6feef63605305193835ea63f343df78902bbcd432ba496
- SHA512
  
  67f1894c79bbcef4c7fedd91e33ec48617d5d34c2d9ebcd700c935b7fe1b08971d4c68a71d5281abac97e62d6b8c8f318cc6ff15ea210ddcf21ff04a9e5a7f95
- SSDEEP
  
  1536:2IfbmtOpUtoqoQvfDrghNT+2w8mbJ1/NfSttVx:bfi4GoqVvbaNXubJ1JI
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/locate.dll
- Size
  
  17KB
- MD5
  
  7d3317f57c1a368480ace3c0ca804eeb
- SHA1
  
  d4c7e185bc64aac82339f51ba6c21cf0713c9f1a
- SHA256
  
  d88a04c1e39db583eaad727fd390fe599ab10198ee040bfbdd22daefadbd2372
- SHA512
  
  5598c2e6caa2f66edd48f8c8305e054d4b0740b5f2b7ed92cf197a13ac66ba99a32013d34b3c2e28d007ab7979eb90a50681324eb736b1410e7df1902e4ec32a
- SSDEEP
  
  384:ev/vPBkA6dK8wiLe45naPji7hpx2kRV+qgm:evyvwiNnGji7Xxjc8
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  c10e04dd4ad4277d5adc951bb331c777
- SHA1
  
  b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
- SHA256
  
  e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
- SHA512
  
  853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
- SSDEEP
  
  96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/nsRandom.dll
- Size
  
  77KB
- MD5
  
  d86b2899f423931131b696ff659aa7ed
- SHA1
  
  007ca98f5d7921fe26fb9b8bd8a822dd5ae09ed6
- SHA256
  
  8935cba8e9b276daa357a809e0eca3bebf3fdc6d0d3466ab37fb2cbbfacd3a94
- SHA512
  
  9a4437ab484e4e22597c642d21b0107a063a208a582df3a5bf276466ad8d0ba9aeebac6de8dcf1372939984bb187d58e94c799918cfbe80e85c958bf0a537fc7
- SSDEEP
  
  1536:/lKXi95r2UwOpUtoqoQvfDrghNT+2w8mbJ1/NfSttVx:sgr2eGoqVvbaNXubJ1JI
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/xml.dll
- Size
  
  175KB
- MD5
  
  0ad70d0ebf9562e53f2fd9518c3b04a3
- SHA1
  
  4de4487e4d1e87b782eceb3b74d9510cc28b0c70
- SHA256
  
  3bd4a099f0e0eefeaacfdba6c0ab760b6e9250167ba6a30eafaa668ca53ce5e9
- SHA512
  
  f75e089f7eb44071f227cd9705b8e44982429f889f93230e98095aac60afc1bdd39a010787235c171cd9fb9ead8023043b147022ab007e8cf1c3204064905719
- SSDEEP
  
  3072:vzjLkarn7O+n9z2L6whFtGF42bKgGoqVvbaNXubJ1JI:vzP7n7O7L6K2lqVvWIdjI
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral17 behavioral18
- Target
  
  $TEMP/$_89_/MyNsisSkin.dll
- Size
  
  384KB
- MD5
  
  a6039ed51a4c143794345b29f5f09c64
- SHA1
  
  ef08cb5dfa598d9d5b43b8af49f54b2c7dac00d4
- SHA256
  
  95ae945504972cadcf2ccfb2b3d02ea8cade3ee53f2f2082e8b40b61f660877a
- SHA512
  
  0ed3d0c070bfd91e2355aec5a30ad5cbaf6949c965af5e0ee1ecf2edd5f5aeba3819b4667a0301f8b52c8fd56d3bae35fa4f77063d56c8f89055784d0c0a30a8
- SSDEEP
  
  6144:yOrNKQjNQnWqJolkFucBm1fXr9ICcYerKJbYm3IyU5qVvWIdjI:y4NKQjNQfqOuEm1fXncdrKJbJgtIdj
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral19 behavioral20
- Target
  
  IGHT HACK 2009.exe
- Size
  
  10.9MB
- MD5
  
  fba74ba6f31f3dc11a0cf37419a8535a
- SHA1
  
  1418671f8a07a88658a5d00d61ea9d309ec199e1
- SHA256
  
  f69738d7afd8ba6196b65b4ce1be886cf911b5bdf188663f87127e4d532ff74b
- SHA512
  
  03332e1d97046a0797ef33324ff848531ce867a79e7b7d87e1044a5c2a93229238bb7db87e7ee246c0afe0705a7a2ff84483f3b8f3965add42078435cb4cdf3a
- SSDEEP
  
  196608:B9DF3gtf30cJGe6uTl9UFQA27bmuTlAbn4SxJeexEXFsFF65/oBsQQ:B73If30cJGer0B277ALtMCEXEFMMDQ
Score

1^/10
behavioral21 behavioral22
- Target
  
  KailleraClient.dll
- Size
  
  31KB
- MD5
  
  556d7b02a310438694ef2c99a6f916c0
- SHA1
  
  54dccd82fea94544012963c32eeb491dd5253234
- SHA256
  
  ef92ab4990079626ad402537ba05a9116ef48f1734081a433c5a5edc6ae79706
- SHA512
  
  890c6bcdce98d774162567dd739f54ab3a5c9d3562c19296a9cab752d73022c38491a4e1aa365c896cc62d7862fbd75f1b3e29d60eb088d555181c13dd045e9b
- SSDEEP
  
  768:2diLLbKGYg0H17PJc/3zJlQpn2YPrAR5tfP5k0cb/:KKXOP17PerAY+ARDBLk/
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral23 behavioral24
- Target
  
  MenuRes.dll
- Size
  
  212KB
- MD5
  
  07ddfae24bc83bba3c0a218ca7a5ae0d
- SHA1
  
  ed34ca6e9bd81ccada2d21ba086033166d6f719e
- SHA256
  
  9e2f7291cb47e41bce7002a534b2f3845a819e674d9c887f3f0fda1cdf0a8ead
- SHA512
  
  691bae3a11d894ffe5dbce1d29c41bffb98a4fb63ed9df16442e8822e513ee8fa293fbf244653f16e6c63ceef0d0b8bffe1f7f61410f8a3ae0e3bbd4c49cc0cc
- SSDEEP
  
  768:LTZC7f93nnqvQCDN3HY31S4gSyIF+jgG596x2y/lLw8hLgzw:LTZFy/lLZ+w
Score

1^/10
behavioral25 behavioral26
- Target
  
  Plugins/BILINEAR.DLL
- Size
  
  4KB
- MD5
  
  bf6f6fb662d778213cff462021a99d79
- SHA1
  
  d7fd55131106dc75533b809ea9011d16227a22af
- SHA256
  
  49296daa1bf5d4f288e93dc812b9312089c8642284f30ff703ff358ee89beec5
- SHA512
  
  b89aec98481c3205d73bad34d00f20b9a8a07032029af618d8aa324e3fec9fcd4e07417082db756d73f6b4d0313d6568a10bbe353773b572fea1e52a31983933
- SSDEEP
  
  24:etGS4NBII/qXXPP3C7qRKgctuDHl73pWuslqMujgy5pSd+lwNxJ3KynB:64NwnPP3iq3Dx70zqM5JUKayn
Score

1^/10
behavioral27 behavioral28
- Target
  
  Plugins/aviout.dll
- Size
  
  172KB
- MD5
  
  831f80c5ebf1f0b5ed35a7936fff16f0
- SHA1
  
  57b85ceb848c7547f8b4eb2ba4282670b64bd6c8
- SHA256
  
  f4c9531f0cd2c1d1e0f516e8282e88ec97c5bd65f6db3e02dadfc31d79e9af1a
- SHA512
  
  961eb8acae8501463353813471316dd55d384c0780eba0ab483011638cb635afe98f39c722f21ae44de651917d32eea336b8e1e3cf763b1393cdb479076228f7
- SSDEEP
  
  1536:QEJ57McjQOIEKWTrL0ltyhpuG5lv2RVKUIJnvHo9+N:Qe5wcjQjpWTroltyhwCv4ytvHo9+N
Score

1^/10
behavioral29 behavioral30
- Target
  
  Plugins/bilinearlight.dll
- Size
  
  4KB
- MD5
  
  722ebb5a52b3e4a815400a5f31309352
- SHA1
  
  601dbb0f73f0309cf3a8cf9782c72c45621874e7
- SHA256
  
  d5f02b45ddff88a8ea18b8119eda4e6bd78d56e42eb215f87f6205bd658bc576
- SHA512
  
  1cdcf2d327f90800dbff4e9d3bb20db09d9cb1a1b9cad2c70d9fb20c21fb2b125a23cb3fe9af52fefcf013813a6a4805fcfa7fc9811ded9ce9407928ce6816db
- SSDEEP
  
  24:etGSPOHucIo1DGgGDc7XyPOfaRKqtzHlw3pv2qFslqMujgy5pSd+lBzzJFtGItts:6POOC6xDYiPOCpwN2DqM5JUp92It/e
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

UPX packed file

Ramnit

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in System32 directory

Ramnit

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in System32 directory

Ramnit

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in System32 directory

Ramnit

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in System32 directory

Ramnit

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in System32 directory

UPX packed file

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32