ramnit | 52fe23c277e28799c50afb344f5bd09b79ef6734bd485be208d191c27dc5fffa | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a15f498f11fd2a1c2d157a5c3a7e2353_JaffaCakes118
Size

10.9MB
Sample

240612-t7fccawapj
MD5

a15f498f11fd2a1c2d157a5c3a7e2353
SHA1

1b2538119de08f134cd328a1409d36986269da79
SHA256

52fe23c277e28799c50afb344f5bd09b79ef6734bd485be208d191c27dc5fffa
SHA512

dbd754b2132597ff8a102040860564f195a0932a20fb10f3ca290c7dce381139b6ecd745f4eb3270970e0ae227591ce8a776e14699d07560f7f7cd4033b8f71f
SSDEEP

196608:MAyp7P/yr2wN3bC/XKGc1Hp5r9LtJ8EW5imOwrLE0WeYd4CpOg4ycPIb7:4r/u2wA/XKbRLH8RimoEg4ycQX

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Malware Config

Targets

- Target
  
  ?????????2????1.0.01/????????2???1.0.01b.exe
- Size
  
  11.0MB
- MD5
  
  f03f89f0a52274b059b2d88a413b3e2d
- SHA1
  
  83298068a06202d592e6d09dd24d1a84cc1c2eaf
- SHA256
  
  d67ecac58b04225f7a1603c4c2062569dc2f7d71624744b750c674b1b2ae65f5
- SHA512
  
  f1421d51f8c77170dd0b80567f5dc8891e7b6deede42c7c56b3f5dd6be5cfb68b05e2f3bb34b3e6ccb5dd8317871f2dbfc40de6706c536c65104a680a3882588
- SSDEEP
  
  196608:62Wy/DP941Q2RTJaTzUGMXF75xzBplaAkRkwqYTXeqOscl4EpEm8kSFa3d:VT92Q2GTzUNBB3avkwe6m8kS4N
Score

3^/10
behavioral1 behavioral2
- Target
  
  $EXEDIR/VanHelsing_x64.exe
- Size
  
  17.4MB
- MD5
  
  91472abbb3d9440d4a6e2d61b53c9e4f
- SHA1
  
  84170144c88b4d04d1ba950e10e292c47a571480
- SHA256
  
  1d1b8de12af692b546070566e4a6c32e8cc03f32ba8c4650c922682ce2ebc830
- SHA512
  
  4720353adc3aabf52fea440f02a43cbcb12e696b2c1c18817e9523ee3c451b18029aa0f896a6d1842f83f724b0a3d435d4206c651de3fcb7d54a45b4692db9dc
- SSDEEP
  
  393216:gbJ2PTxkHIFoSd2Q6OoVduuT19DVPwQB:Y5p
Score

1^/10
behavioral3 behavioral4
- Target
  
  $EXEDIR/VanHelsing_x86.exe
- Size
  
  14.0MB
- MD5
  
  d0a23415c3b21f1c69263783c400353e
- SHA1
  
  3b3d107a2a54a61e1d154427b6cf38bb610b47aa
- SHA256
  
  39b044a4b41e5bd0c561a7e6417aaffeec0ca524671087ce7e777a0a4c9ba4cc
- SHA512
  
  410b92bbc2ba5b8a3b1a621a5d91a2d6b816880fe63973555afd237728521636c2152259165fcd03da05fffe4442dbdd24f8da77ebb93ed931d419f208a9a479
- SSDEEP
  
  393216:wceLAGgnmuo8yYBYozMfbBRW89fz4Jl8SI:wFkXRVBY2MlRWqLS8S
Score

1^/10
behavioral5 behavioral6
- Target
  
  $EXEDIR/steam_api.dll
- Size
  
  251KB
- MD5
  
  1e45a03d84807d6fd13b9893c9613fbe
- SHA1
  
  53de1b6bd2d14254ec762eebe9f57e79f4ebe9c8
- SHA256
  
  eacd425af27334df81851600ddba5e3fdb9d4e127167db5ecf68874f0de3ade4
- SHA512
  
  4d8821b72091fcb86c7d35b415f18e2fc891f04353a7792c5a88415cf9b6afe8391cb02a28006682434981bd720ca41c1d7cbcefb28dad475caa191ab81705c2
- SSDEEP
  
  6144:cpJ2OfmFdVcBsjEnKDOPPmsq9xCfuABPMNl0KpVrYbE5wFq:Iwdhjx7sWxCfun0UrYAGq
Score

1^/10
behavioral7 behavioral8
- Target
  
  $EXEDIR/steam_api64.dll
- Size
  
  289KB
- MD5
  
  89abc8bd818ae2db107eaf690b4a9edb
- SHA1
  
  26ae56a2b4464bedb0a1ac68f9ed1d6929464771
- SHA256
  
  9d31aceb310b1341bb46e50e7e8fc6978d96d4ee83c55907c2952bed2e1bb346
- SHA512
  
  bc54f8db607518bfb1b1e4c36393a380acfbce9b37e878101026c587cdbb092faf8097754b805cdaf6887bba49644eece3544af867219615bc6ec5d53f767f93
- SSDEEP
  
  6144:uERBdaL6DPSn9a1BGH73N61i6SDl+NDFxFig6zRjvD5vtchgM3XLexi:uERuES73qis1FL6zV5tchgaXLex
Score

1^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/AdvSplash.dll
- Size
  
  6KB
- MD5
  
  a1bba35c752b36f575350cb7ddf238e4
- SHA1
  
  9603b691ae71d4fbc7a14dbb837bd97cecac8aab
- SHA256
  
  0667863d71a3021ab844069b6dd0485f874bf638af478ab11c6fb8b7d6c834b6
- SHA512
  
  eb5d3498dd994bec42a437cf91343665d3c35bfe3f6277a7393af6a0b8348772c3166d9be48955edddf6ef79fa508ec8d4f96d7d5df37ecdc52c90042e0a2967
- SSDEEP
  
  96:6ONSXIcmYjkvTS6MnBNZ1BMjDfhkkEkkXstWpiwoS:sXIpzTSd1BSk/kJtWpi
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  254f13dfd61c5b7d2119eb2550491e1d
- SHA1
  
  5083f6804ee3475f3698ab9e68611b0128e22fd6
- SHA256
  
  fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28
- SHA512
  
  fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7
- SSDEEP
  
  192:t5ZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRYgsfA:fBo/680dCI5adOjFOg9//p27uNw2bo
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  124KB
- MD5
  
  a5aba2154379a3272c28df43ad342017
- SHA1
  
  caaa0fdb1e6aa4369a6b2c751f7bed89f7fd5d8d
- SHA256
  
  ab8e9bff458b2e07c0d8ea42b473303b6a6199a9d549401049006b0bc807a9e2
- SHA512
  
  530121bacbfc8c08bc214f434a2e6e4a8e7b48078c771456f8d0f00b8a07b86de2a248e7cbc8f10f0fc4354519cc990a93ae3b1beae00426cecfb63a037b9d29
- SSDEEP
  
  1536:xIfbm6gv1TPn3QvVIaoAsvVSeSesAdHXjgGkP/jCKQmF3FYkcnvTY1rM:+finznHXxSe7znkD5p5FYtbY1o
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  ab73c0c2a23f913eabdc4cb24b75cbad
- SHA1
  
  6569d2863d54c88dcf57c843fc310f6d9571a41e
- SHA256
  
  3d0060c5c9400a487dbefe4ac132dd96b07d3a4ba3badab46a7410a667c93457
- SHA512
  
  99d287b5152944f64edc7ce8f3ebcd294699e54a5b42ac7a88e27dff8a68278a5429f4d299802ee7ddbe290f1e3b6a372a5f3bb4ecb1a3c32e384bca3ccdb2b8
- SSDEEP
  
  96:EBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4MndY7ndS27gA:E6n+0SAfRE+/8ZYxldqn420
Score

3^/10
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

ramnitbankerspywarestealertrojanupxworm

behavioral16

ramnitbankerspywarestealertrojanupxworm

behavioral17

behavioral18