ramnit | 034dbd537e80ca69eda3418922f06e583776f41c48e55ea33848fb5c98e548da | Triage

Sharing

General

Target

7790adf60e7cc8e5686a01d8ac17fa3b_JaffaCakes118
Size

125KB
Sample

240727-kkhdra1arh
MD5

7790adf60e7cc8e5686a01d8ac17fa3b
SHA1

876f65226232c47193a3ff624306a6dd3cd3b046
SHA256

034dbd537e80ca69eda3418922f06e583776f41c48e55ea33848fb5c98e548da
SHA512

8df216c65ee24b3fb54ba6e50ac31c121188c264ca3ddbd5451c797faf3509c93ddeb782a8978583b23128c5bd20d1b53b0f75ff2f4767fa0121fa6e959460f5
SSDEEP

1536:LpXfGxKjqArOgFm7BYUfng9fMGQkINB1EqKaJyznnggLUqPoQ:1XO2qwWZnkfIkIWqK+Agg4TQ

Score

10^/10

ramnit banker discovery evasion spyware stealer trojan upx worm

Malware Config

Targets

- Target
  
  7790adf60e7cc8e5686a01d8ac17fa3b_JaffaCakes118
- Size
  
  125KB
- MD5
  
  7790adf60e7cc8e5686a01d8ac17fa3b
- SHA1
  
  876f65226232c47193a3ff624306a6dd3cd3b046
- SHA256
  
  034dbd537e80ca69eda3418922f06e583776f41c48e55ea33848fb5c98e548da
- SHA512
  
  8df216c65ee24b3fb54ba6e50ac31c121188c264ca3ddbd5451c797faf3509c93ddeb782a8978583b23128c5bd20d1b53b0f75ff2f4767fa0121fa6e959460f5
- SSDEEP
  
  1536:LpXfGxKjqArOgFm7BYUfng9fMGQkINB1EqKaJyznnggLUqPoQ:1XO2qwWZnkfIkIWqK+Agg4TQ
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm evasion
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Drops file in Drivers directory
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdiscoveryspywarestealertrojanupxworm

behavioral2

ramnitbankerdiscoveryevasionspywarestealertrojanupxworm