ramnit | 92a2ba7862cc023cf08fbe7c0d2f0f26db5ba277e2e4075df123fa96a61f0e9d | Triage

Submit
Reports

Overview

overview

Static

static

7

6ea63b19ab...18.exe

windows7-x64

6ea63b19ab...18.exe

windows10-2004-x64

Sharing

General

Target

6ea63b19ab915004dbcdd897be2732ea_JaffaCakes118
Size

232KB
Sample

240524-qlyp1sff56
MD5

6ea63b19ab915004dbcdd897be2732ea
SHA1

0dfd7c640613bb5d0e6f9e65ea08ccb9be3d69bd
SHA256

92a2ba7862cc023cf08fbe7c0d2f0f26db5ba277e2e4075df123fa96a61f0e9d
SHA512

2316ff43980fe1814973cfd91f38d3f35ac8b141da9011ebfcadedb51c5aa4cec4b5fa589c38696a6d7002770fdb5d5c32cccdd7e1a3379b57dbd3400713c35c
SSDEEP

6144:6jz6KSJDcvupfIuy/9i9UAKj2iwSJr6wY20tMPB/Ah1:ySGvBVoUiiwSJr6pJMPBi1

Score

10^/10

ramnit banker evasion spyware stealer trojan upx worm

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

6ea63b19ab915004dbcdd897be2732ea_JaffaCakes118.exe

Resource

win7-20240215-en

ramnit banker spyware stealer trojan upx worm

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

6ea63b19ab915004dbcdd897be2732ea_JaffaCakes118.exe

Resource

win10v2004-20240508-en

ramnit banker evasion spyware stealer trojan upx worm

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  6ea63b19ab915004dbcdd897be2732ea_JaffaCakes118
- Size
  
  232KB
- MD5
  
  6ea63b19ab915004dbcdd897be2732ea
- SHA1
  
  0dfd7c640613bb5d0e6f9e65ea08ccb9be3d69bd
- SHA256
  
  92a2ba7862cc023cf08fbe7c0d2f0f26db5ba277e2e4075df123fa96a61f0e9d
- SHA512
  
  2316ff43980fe1814973cfd91f38d3f35ac8b141da9011ebfcadedb51c5aa4cec4b5fa589c38696a6d7002770fdb5d5c32cccdd7e1a3379b57dbd3400713c35c
- SSDEEP
  
  6144:6jz6KSJDcvupfIuy/9i9UAKj2iwSJr6wY20tMPB/Ah1:ySGvBVoUiiwSJr6pJMPBi1
Score

10^/10

ramnit banker spyware stealer trojan upx worm evasion
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ramnitbankerspywarestealertrojanupxworm

behavioral2

ramnitbankerevasionspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy