Overview

overview

10

Static

static

3

b9e1cf0fc4...18.dll

windows7-x64

10

b9e1cf0fc4...18.dll

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    b9e1cf0fc49342b3488b83f84c7c71e5_JaffaCakes118

  • Size

    193KB

  • Sample

    240823-b42r3ayfme

  • MD5

    b9e1cf0fc49342b3488b83f84c7c71e5

  • SHA1

    bd5385a2020bba8e569f29a9ad9254932cb8b939

  • SHA256

    d02be41b1413c30ec0321548195c5fbd48a8fb49605d1322854e1e64eec44446

  • SHA512

    2617556ad182186671415cf03fab41cc2fd974522f2182876bb9aa5340eb9484d43bec49e9d808f17288db5b482e78618062e9ad300ece366c2eac878fc467e8

  • SSDEEP

    3072:n73MITL/9oSmkbx3ZtffjBTnIwanLMc9CeKS3btRTkUVP:7dTpountf75Iwkz9CeKSL7bP

Score
10/10
ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      b9e1cf0fc49342b3488b83f84c7c71e5_JaffaCakes118

    • Size

      193KB

    • MD5

      b9e1cf0fc49342b3488b83f84c7c71e5

    • SHA1

      bd5385a2020bba8e569f29a9ad9254932cb8b939

    • SHA256

      d02be41b1413c30ec0321548195c5fbd48a8fb49605d1322854e1e64eec44446

    • SHA512

      2617556ad182186671415cf03fab41cc2fd974522f2182876bb9aa5340eb9484d43bec49e9d808f17288db5b482e78618062e9ad300ece366c2eac878fc467e8

    • SSDEEP

      3072:n73MITL/9oSmkbx3ZtffjBTnIwanLMc9CeKS3btRTkUVP:7dTpountf75Iwkz9CeKSL7bP

    Score
    10/10
    ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks