ramnit | 7f83366ac93aaabbd7d9c541c378f2fa9a89a04e9dfbcc4f5526cb0570aaa8c4 | Triage

Sharing

General

Target

a9d76eb92c737a63d473704fe27a4722_JaffaCakes118
Size

245KB
Sample

240614-qd545awaqk
MD5

a9d76eb92c737a63d473704fe27a4722
SHA1

2ff24fdbfdc05c42aa06d57aafafe3a4bd6f210a
SHA256

7f83366ac93aaabbd7d9c541c378f2fa9a89a04e9dfbcc4f5526cb0570aaa8c4
SHA512

c8dfef5ee943384da74fd319d6aef2f2ff6fff143574eb5e781191dfaf9e8bc42812590ae636a8a524a405664042b53d84e15becf977faed7f6e5e156deb3745
SSDEEP

6144:KZyLTIcCumnvXYGE3BnCEErxPOe568O25iihlQL:KAfI1dvXYGkNCEErxPYPFihlQ

Score

10^/10

ramnit banker evasion persistence spyware stealer trojan upx worm

Malware Config

Targets

- Target
  
  a9d76eb92c737a63d473704fe27a4722_JaffaCakes118
- Size
  
  245KB
- MD5
  
  a9d76eb92c737a63d473704fe27a4722
- SHA1
  
  2ff24fdbfdc05c42aa06d57aafafe3a4bd6f210a
- SHA256
  
  7f83366ac93aaabbd7d9c541c378f2fa9a89a04e9dfbcc4f5526cb0570aaa8c4
- SHA512
  
  c8dfef5ee943384da74fd319d6aef2f2ff6fff143574eb5e781191dfaf9e8bc42812590ae636a8a524a405664042b53d84e15becf977faed7f6e5e156deb3745
- SSDEEP
  
  6144:KZyLTIcCumnvXYGE3BnCEErxPOe568O25iihlQL:KAfI1dvXYGkNCEErxPYPFihlQ
Score

10^/10

ramnit banker evasion persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Drops startup file
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Modify Registry

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ramnitbankerevasionpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerevasionpersistencespywarestealertrojanupxworm