Overview

overview

10

Static

static

3

b0954c2944...18.dll

windows7-x64

10

b0954c2944...18.dll

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    b0954c2944313272eef6e43dcf2bdd54_JaffaCakes118

  • Size

    132KB

  • Sample

    240820-yhdjnszfkd

  • MD5

    b0954c2944313272eef6e43dcf2bdd54

  • SHA1

    332fe9ae25a5ff7d5c24c041233e2f02f98e40de

  • SHA256

    cba3efdee665f6753dc2cc99bc7609b747b10d6aaa9e9790d2020ca725d74685

  • SHA512

    1b7cd270c1f9caf6c747748cc62ad360c080cf57a297b4cf904b9876a624acea944d93cfce7596d91fbb0976cc788acc6a55a6ec54c72084da03cd1c9f9965d4

  • SSDEEP

    1536:v2o6nwzfqmUSa4Ndg+VCxAvf/PqhXnzyP5xC1VXfbJpeU4KyQ5G0OYvVkoE:+o6nwLqrSa4I+VCOHHCRQU4S5GBWVLE

Score
10/10
ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      b0954c2944313272eef6e43dcf2bdd54_JaffaCakes118

    • Size

      132KB

    • MD5

      b0954c2944313272eef6e43dcf2bdd54

    • SHA1

      332fe9ae25a5ff7d5c24c041233e2f02f98e40de

    • SHA256

      cba3efdee665f6753dc2cc99bc7609b747b10d6aaa9e9790d2020ca725d74685

    • SHA512

      1b7cd270c1f9caf6c747748cc62ad360c080cf57a297b4cf904b9876a624acea944d93cfce7596d91fbb0976cc788acc6a55a6ec54c72084da03cd1c9f9965d4

    • SSDEEP

      1536:v2o6nwzfqmUSa4Ndg+VCxAvf/PqhXnzyP5xC1VXfbJpeU4KyQ5G0OYvVkoE:+o6nwLqrSa4I+VCOHHCRQU4S5GBWVLE

    Score
    10/10
    ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks