ramnit | f6ee60a900a8722afb00a898908f545fe46d0fdc4d5611fa76cf4e1757b3f22a | Triage

Submit
Reports

Overview

overview

Static

static

3

0941125c7a...18.dll

windows7-x64

0941125c7a...18.dll

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

0941125c7a50d8e99534b98cf386ed3f_JaffaCakes118
Size

166KB
Sample

240624-slw8assbrr
MD5

0941125c7a50d8e99534b98cf386ed3f
SHA1

97f895820bea60b4de8fb86e5f365ec90cace7ff
SHA256

f6ee60a900a8722afb00a898908f545fe46d0fdc4d5611fa76cf4e1757b3f22a
SHA512

5e4558ebb8dc55893e568f31041e1f835e50a4e589e0bc5261a2cc67035def3980137ef403a26a9a2aaeefd094c6e5841b8db1822780ab6b8b79e29daeeaf2f0
SSDEEP

3072:kTU56gVxj27Nel6fewiVWFZWm7TR1uNZT:34jfGWyK8N

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0941125c7a50d8e99534b98cf386ed3f_JaffaCakes118.dll

Resource

win7-20240508-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

0941125c7a50d8e99534b98cf386ed3f_JaffaCakes118.dll

Resource

win10v2004-20240611-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  0941125c7a50d8e99534b98cf386ed3f_JaffaCakes118
- Size
  
  166KB
- MD5
  
  0941125c7a50d8e99534b98cf386ed3f
- SHA1
  
  97f895820bea60b4de8fb86e5f365ec90cace7ff
- SHA256
  
  f6ee60a900a8722afb00a898908f545fe46d0fdc4d5611fa76cf4e1757b3f22a
- SHA512
  
  5e4558ebb8dc55893e568f31041e1f835e50a4e589e0bc5261a2cc67035def3980137ef403a26a9a2aaeefd094c6e5841b8db1822780ab6b8b79e29daeeaf2f0
- SSDEEP
  
  3072:kTU56gVxj27Nel6fewiVWFZWm7TR1uNZT:34jfGWyK8N
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy