ramnit | c0178f7878f0dfb9c0a9a3db0867e69684b59d4e5203918f42e2b77192e4beca | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

cea91942b0...18.exe

windows7-x64

cea91942b0...18.exe

windows10-2004-x64

Sharing

General

Target

cea91942b015b2f94856e18870a22dfc_JaffaCakes118
Size

264KB
Sample

240906-e5h8wsxajg
MD5

cea91942b015b2f94856e18870a22dfc
SHA1

d8f326ca51837e522feb62e18e665308824979cd
SHA256

c0178f7878f0dfb9c0a9a3db0867e69684b59d4e5203918f42e2b77192e4beca
SHA512

ac1ae882a052dd49287cfd8c8eb176b90051d6d1254b6f84ecb695cab08067d7f2dad6cc6a8b80cc7a9c8a46c65272a3836b4bee2684c483af6d3b587296dfed
SSDEEP

3072:DSFUZ+sa7PgW0CLVI/lRR1zypUfTjBJ1698x8qFgmqH1fEO7G0eDjtoMRo1TWAeA:tWFVI/lRR1WpkGjpEGeXtldA

Score

10^/10

ramnit banker discovery evasion persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cea91942b015b2f94856e18870a22dfc_JaffaCakes118.exe

Resource

win7-20240704-en

ramnit banker discovery evasion persistence spyware stealer trojan upx worm

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

cea91942b015b2f94856e18870a22dfc_JaffaCakes118.exe

Resource

win10v2004-20240802-en

ramnit banker discovery evasion persistence spyware stealer trojan upx worm

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  cea91942b015b2f94856e18870a22dfc_JaffaCakes118
- Size
  
  264KB
- MD5
  
  cea91942b015b2f94856e18870a22dfc
- SHA1
  
  d8f326ca51837e522feb62e18e665308824979cd
- SHA256
  
  c0178f7878f0dfb9c0a9a3db0867e69684b59d4e5203918f42e2b77192e4beca
- SHA512
  
  ac1ae882a052dd49287cfd8c8eb176b90051d6d1254b6f84ecb695cab08067d7f2dad6cc6a8b80cc7a9c8a46c65272a3836b4bee2684c483af6d3b587296dfed
- SSDEEP
  
  3072:DSFUZ+sa7PgW0CLVI/lRR1zypUfTjBJ1698x8qFgmqH1fEO7G0eDjtoMRo1TWAeA:tWFVI/lRR1WpkGjpEGeXtldA
Score

10^/10

ramnit banker discovery evasion persistence spyware stealer trojan upx worm
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdiscoveryevasionpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerdiscoveryevasionpersistencespywarestealertrojanupxworm

© 2018-2025

Terms | Privacy