General

  • Target

    12590d7738fef97ed0e1bbcda8c37b43_JaffaCakes118

  • Size

    752KB

  • Sample

    241004-h1ddmavdng

  • MD5

    12590d7738fef97ed0e1bbcda8c37b43

  • SHA1

    284c7d127c415b3a2e65c921305ba42a3cbee736

  • SHA256

    caec1dc31453bbb65c421124b116bd91a950d30a48ce768fb2f7f10e3c5145f9

  • SHA512

    c815e5661ee74a8f22f350cc827a50e837c37abfa812b3041d6f8ff6cfcd8aef351cfd50230f6a800746d66d415a0cdd90d9ebe29a04899df35e8c3e206dd77a

  • SSDEEP

    12288:F0ywjWtUO+Oke04VGUl6vhOiue+bhPrRx4vSZqB7Y0lnMyC2+E5ktM0:CCwsdPJyC295k7

Malware Config

Targets

    • Target

      12590d7738fef97ed0e1bbcda8c37b43_JaffaCakes118

    • Size

      752KB

    • MD5

      12590d7738fef97ed0e1bbcda8c37b43

    • SHA1

      284c7d127c415b3a2e65c921305ba42a3cbee736

    • SHA256

      caec1dc31453bbb65c421124b116bd91a950d30a48ce768fb2f7f10e3c5145f9

    • SHA512

      c815e5661ee74a8f22f350cc827a50e837c37abfa812b3041d6f8ff6cfcd8aef351cfd50230f6a800746d66d415a0cdd90d9ebe29a04899df35e8c3e206dd77a

    • SSDEEP

      12288:F0ywjWtUO+Oke04VGUl6vhOiue+bhPrRx4vSZqB7Y0lnMyC2+E5ktM0:CCwsdPJyC295k7

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family whose variants include viruses, worms, and Trojans.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks