ramnit | 5dcc1f23c9a32892f18643fffe7bfcc7f68b75773311b8ae7a12b920152be48b | Triage

Submit
Reports

Overview

overview

Static

static

3

1850cdc7ab...18.exe

windows7-x64

1850cdc7ab...18.exe

windows10-2004-x64

Sharing

General

Target

1850cdc7ab0916f9fd881be094209075_JaffaCakes118
Size

176KB
Sample

240628-b1jgbawgqk
MD5

1850cdc7ab0916f9fd881be094209075
SHA1

5f1236e5e9f1bd238e0ae515370eaee77c46dff6
SHA256

5dcc1f23c9a32892f18643fffe7bfcc7f68b75773311b8ae7a12b920152be48b
SHA512

ccfa9f0c49a2524fe3759d34f55667c9526d4deebf8eab0635605496ba7c390d96bc506b5d3fa4b5dfc66b1382910116383463f8a1bc8d28aef4399806ec1bc2
SSDEEP

3072:WfkVD1BSqao9c3HwsanTdgyOxsP+f+7jV0xZtSyo7Ng1TTFAgJQs/:W4Sqjc3HsTaxoqMGkm1TTyhs/

Score

10^/10

ramnit sality backdoor banker evasion spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1850cdc7ab0916f9fd881be094209075_JaffaCakes118.exe

Resource

win7-20240508-en

ramnit sality backdoor banker evasion spyware stealer trojan upx worm

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

1850cdc7ab0916f9fd881be094209075_JaffaCakes118.exe

Resource

win10v2004-20240508-en

ramnit sality backdoor banker evasion spyware stealer trojan upx worm

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  1850cdc7ab0916f9fd881be094209075_JaffaCakes118
- Size
  
  176KB
- MD5
  
  1850cdc7ab0916f9fd881be094209075
- SHA1
  
  5f1236e5e9f1bd238e0ae515370eaee77c46dff6
- SHA256
  
  5dcc1f23c9a32892f18643fffe7bfcc7f68b75773311b8ae7a12b920152be48b
- SHA512
  
  ccfa9f0c49a2524fe3759d34f55667c9526d4deebf8eab0635605496ba7c390d96bc506b5d3fa4b5dfc66b1382910116383463f8a1bc8d28aef4399806ec1bc2
- SSDEEP
  
  3072:WfkVD1BSqao9c3HwsanTdgyOxsP+f+7jV0xZtSyo7Ng1TTFAgJQs/:W4Sqjc3HsTaxoqMGkm1TTyhs/
Score

10^/10

ramnit sality backdoor banker evasion spyware stealer trojan upx worm
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitsalitybackdoorbankerevasionspywarestealertrojanupxworm

behavioral2

ramnitsalitybackdoorbankerevasionspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy