ramnit | 9567fe10e815c505de5d83bc33b02e8f28d7379caa6e5599f7acd8444d897d52 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

899f7a7e45...18.dll

windows7-x64

899f7a7e45...18.dll

windows10-2004-x64

Sharing

General

Target

899f7a7e45a4da66ddd2be41d57ff085_JaffaCakes118
Size

670KB
Sample

240811-jzxasavhrc
MD5

899f7a7e45a4da66ddd2be41d57ff085
SHA1

4409693bbe1a94c939589d0086552f7327755994
SHA256

9567fe10e815c505de5d83bc33b02e8f28d7379caa6e5599f7acd8444d897d52
SHA512

e3583b5742d833f31fd16669b7788c0476662f70996e23386364dd1ad4b79aa0d96c60e59d179150954f331872148ad7e892b3073e51ec7e6730f7749e372e30
SSDEEP

12288:jbg04agUYlothAbgr1sya/vdnx1MHQbRLSnvB:jbnGshAUr1EHRmQbRLSvB

Score

10^/10

ramnit banker discovery evasion spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

899f7a7e45a4da66ddd2be41d57ff085_JaffaCakes118.dll

Resource

win7-20240704-en

ramnit banker discovery spyware stealer trojan upx worm

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

899f7a7e45a4da66ddd2be41d57ff085_JaffaCakes118.dll

Resource

win10v2004-20240802-en

ramnit banker discovery evasion spyware stealer trojan upx worm

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  899f7a7e45a4da66ddd2be41d57ff085_JaffaCakes118
- Size
  
  670KB
- MD5
  
  899f7a7e45a4da66ddd2be41d57ff085
- SHA1
  
  4409693bbe1a94c939589d0086552f7327755994
- SHA256
  
  9567fe10e815c505de5d83bc33b02e8f28d7379caa6e5599f7acd8444d897d52
- SHA512
  
  e3583b5742d833f31fd16669b7788c0476662f70996e23386364dd1ad4b79aa0d96c60e59d179150954f331872148ad7e892b3073e51ec7e6730f7749e372e30
- SSDEEP
  
  12288:jbg04agUYlothAbgr1sya/vdnx1MHQbRLSnvB:jbnGshAUr1EHRmQbRLSvB
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm evasion
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdiscoveryspywarestealertrojanupxworm

behavioral2

ramnitbankerdiscoveryevasionspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy