ramnit | 6dca98452222c44286ef99ebc16aae2c7434bf2ad4aa9206ecd89b3f55459abe | Triage

Submit
Reports

Overview

overview

Static

static

7

6bec38d030...18.exe

windows7-x64

6bec38d030...18.exe

windows10-2004-x64

Sharing

General

Target

6bec38d0302aee4aee65758b4803191c_JaffaCakes118
Size

107KB
Sample

240523-xf8rcscd59
MD5

6bec38d0302aee4aee65758b4803191c
SHA1

8772ff6579eca89f6d644326b8f0821ece71eb7e
SHA256

6dca98452222c44286ef99ebc16aae2c7434bf2ad4aa9206ecd89b3f55459abe
SHA512

9e2bd07d45062c2ba52dd4d59bc2b9f43b380e77d83ba34d2ce7c8cfd23f90cf1de9b2034099717ef7a328832ab3e5a340013969e1da049afa61978c477d1ab9
SSDEEP

1536:Myta9lxYNLHaJZHYCsVInIez/8jY0o4Bda0EWhz9Ps2Go+HOnjJFWhgKHMwtUg:a8AHYonVjB0ouxPSVQegg

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

6bec38d0302aee4aee65758b4803191c_JaffaCakes118.exe

Resource

win7-20240508-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

6bec38d0302aee4aee65758b4803191c_JaffaCakes118.exe

Resource

win10v2004-20240508-en

ramnit banker persistence spyware stealer trojan upx worm

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  6bec38d0302aee4aee65758b4803191c_JaffaCakes118
- Size
  
  107KB
- MD5
  
  6bec38d0302aee4aee65758b4803191c
- SHA1
  
  8772ff6579eca89f6d644326b8f0821ece71eb7e
- SHA256
  
  6dca98452222c44286ef99ebc16aae2c7434bf2ad4aa9206ecd89b3f55459abe
- SHA512
  
  9e2bd07d45062c2ba52dd4d59bc2b9f43b380e77d83ba34d2ce7c8cfd23f90cf1de9b2034099717ef7a328832ab3e5a340013969e1da049afa61978c477d1ab9
- SSDEEP
  
  1536:Myta9lxYNLHaJZHYCsVInIez/8jY0o4Bda0EWhz9Ps2Go+HOnjJFWhgKHMwtUg:a8AHYonVjB0ouxPSVQegg
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Creates a Windows Service
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerpersistencespywarestealertrojanupxworm

© 2018-2024

Terms | Privacy