Overview

overview

10

Static

static

5

3d9c1936e0...18.exe

windows7-x64

10

3d9c1936e0...18.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    3d9c1936e0abe5ba631f9e96be1f0b54_JaffaCakes118

  • Size

    159KB

  • Sample

    241013-eamb3a1hmp

  • MD5

    3d9c1936e0abe5ba631f9e96be1f0b54

  • SHA1

    915c6c86b1f9fc006fde90e6f69ea626552714f6

  • SHA256

    e1ff83bc75d77151037983e62535f2bbe38122cb1ab1de146042faab3df49387

  • SHA512

    0e015c30ef2d848e02896d4b168b1a3fcf447276d320a8356d0da4aa8b6ce0e5e09e64786b9c6dbde022080f36264e2f65845ebe021a5a3ec41cdaa95b8d1c5c

  • SSDEEP

    1536:K5oln+NoxSIwBNE7dSxMDA7/qrlQ0gErUvxHEAnHx/eOKyiJ5teEEcSn9ki7j3ej:K52nIvIwcUQAWh+EoEABBibtNaP7j3rU

Score
10/10
ramnitbankerdiscoveryevasionpersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      3d9c1936e0abe5ba631f9e96be1f0b54_JaffaCakes118

    • Size

      159KB

    • MD5

      3d9c1936e0abe5ba631f9e96be1f0b54

    • SHA1

      915c6c86b1f9fc006fde90e6f69ea626552714f6

    • SHA256

      e1ff83bc75d77151037983e62535f2bbe38122cb1ab1de146042faab3df49387

    • SHA512

      0e015c30ef2d848e02896d4b168b1a3fcf447276d320a8356d0da4aa8b6ce0e5e09e64786b9c6dbde022080f36264e2f65845ebe021a5a3ec41cdaa95b8d1c5c

    • SSDEEP

      1536:K5oln+NoxSIwBNE7dSxMDA7/qrlQ0gErUvxHEAnHx/eOKyiJ5teEEcSn9ki7j3ej:K52nIvIwcUQAWh+EoEABBibtNaP7j3rU

    Score
    10/10
    ramnitbankerdiscoveryevasionpersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Event Triggered Execution

2
T1546

Change Default File Association

1
T1546.001

Image File Execution Options Injection

1
T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Event Triggered Execution

2
T1546

Change Default File Association

1
T1546.001

Image File Execution Options Injection

1
T1546.012

Defense Evasion

Hide Artifacts

1
T1564

Hidden Files and Directories

1
T1564.001

Modify Registry

4
T1112

Credential Access

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

1
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks