Overview

overview

10

Static

static

3

3ff8f2cb1c...18.exe

windows7-x64

10

3ff8f2cb1c...18.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    3ff8f2cb1c8ef63ac2ccdd14304de26f_JaffaCakes118

  • Size

    166KB

  • Sample

    240713-dsdxzawbld

  • MD5

    3ff8f2cb1c8ef63ac2ccdd14304de26f

  • SHA1

    af6653079201e811844ddd97921b2b83da873e17

  • SHA256

    0f0abe61b13bf37baa3f608a1ce6741a8837e6f783dfb3420795446e2553070c

  • SHA512

    4e65de1e08f31deb1185b4c1e4fc72c4b85e4bdbbb8b5a331462ca26e08e0e6ef99e56f959740479f47ce7991352fcd96c4c92ae878e9a393705e1157ceceb22

  • SSDEEP

    3072:qdKFOoL16A4gVr9kYaQBqaFM2oVhyAn1+c:mKF/LAFgVrwwM2uf1L

Score
10/10
ramnitbankerpersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      3ff8f2cb1c8ef63ac2ccdd14304de26f_JaffaCakes118

    • Size

      166KB

    • MD5

      3ff8f2cb1c8ef63ac2ccdd14304de26f

    • SHA1

      af6653079201e811844ddd97921b2b83da873e17

    • SHA256

      0f0abe61b13bf37baa3f608a1ce6741a8837e6f783dfb3420795446e2553070c

    • SHA512

      4e65de1e08f31deb1185b4c1e4fc72c4b85e4bdbbb8b5a331462ca26e08e0e6ef99e56f959740479f47ce7991352fcd96c4c92ae878e9a393705e1157ceceb22

    • SSDEEP

      3072:qdKFOoL16A4gVr9kYaQBqaFM2oVhyAn1+c:mKF/LAFgVrwwM2uf1L

    Score
    10/10
    ramnitbankerpersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks