ramnit | 842b4fe285be06cd55310be5b82bd4acbfeaa5596692cb74a0b8c79d1164f25f | Triage

Sharing

General

Target

745ff8ee815c17ad90bff97cc60288c1_JaffaCakes118
Size

160KB
Sample

240726-rej4qawcna
MD5

745ff8ee815c17ad90bff97cc60288c1
SHA1

b6537aed49baf2d5cac4d2f2a68bd91fdb5cc066
SHA256

842b4fe285be06cd55310be5b82bd4acbfeaa5596692cb74a0b8c79d1164f25f
SHA512

c4f281ec645e83cd200dbc322e04170d61eac09562ca33fd4fb01562e16a8087e1957556d5ca16a76aa78870478cd1bf7a7117c944a114326d5387c7eba56daa
SSDEEP

3072:CBno0flsXMeR/aBvKsdjcC463tvwm3od0teaY/JPfMhqdB:Clo0fGa1lcC/U02/JPfMhK

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Targets

- Target
  
  745ff8ee815c17ad90bff97cc60288c1_JaffaCakes118
- Size
  
  160KB
- MD5
  
  745ff8ee815c17ad90bff97cc60288c1
- SHA1
  
  b6537aed49baf2d5cac4d2f2a68bd91fdb5cc066
- SHA256
  
  842b4fe285be06cd55310be5b82bd4acbfeaa5596692cb74a0b8c79d1164f25f
- SHA512
  
  c4f281ec645e83cd200dbc322e04170d61eac09562ca33fd4fb01562e16a8087e1957556d5ca16a76aa78870478cd1bf7a7117c944a114326d5387c7eba56daa
- SSDEEP
  
  3072:CBno0flsXMeR/aBvKsdjcC463tvwm3od0teaY/JPfMhqdB:Clo0fGa1lcC/U02/JPfMhK
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdiscoveryspywarestealertrojanupxworm

behavioral2