ramnit | 341ab731a7c571c1ec28d7fb65a8631e2ea0b1f09d6e91fd84b1b434bfc25702 | Triage

Submit
Reports

Overview

overview

Static

static

3

53b756b308...18.dll

windows7-x64

53b756b308...18.dll

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

53b756b30815bf7990113d49b7e43bc7_JaffaCakes118
Size

328KB
Sample

241017-zvhvlawdqa
MD5

53b756b30815bf7990113d49b7e43bc7
SHA1

358cf07a85413fd1a273754984714b725200d59c
SHA256

341ab731a7c571c1ec28d7fb65a8631e2ea0b1f09d6e91fd84b1b434bfc25702
SHA512

9fd75f921f0601a17716c353d228cf2018d3de73f455d888d612188babb064410de63969a88a2caf7b8cb8fe7711bf2d5383a04ddccfafdbccbf44d7c254bdec
SSDEEP

6144:Il9XgnzxOP/sFR2h+9q1kih6ibUxrp3/vIyRdd1G0lt9zy:IlCzcMg+9YkDiQ3/QG14

Score

10^/10

ramnit banker discovery persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

53b756b30815bf7990113d49b7e43bc7_JaffaCakes118.dll

Resource

win7-20240708-en

ramnit banker discovery persistence spyware stealer trojan upx worm

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

53b756b30815bf7990113d49b7e43bc7_JaffaCakes118.dll

Resource

win10v2004-20241007-en

ramnit banker discovery spyware stealer trojan upx worm

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  53b756b30815bf7990113d49b7e43bc7_JaffaCakes118
- Size
  
  328KB
- MD5
  
  53b756b30815bf7990113d49b7e43bc7
- SHA1
  
  358cf07a85413fd1a273754984714b725200d59c
- SHA256
  
  341ab731a7c571c1ec28d7fb65a8631e2ea0b1f09d6e91fd84b1b434bfc25702
- SHA512
  
  9fd75f921f0601a17716c353d228cf2018d3de73f455d888d612188babb064410de63969a88a2caf7b8cb8fe7711bf2d5383a04ddccfafdbccbf44d7c254bdec
- SSDEEP
  
  6144:Il9XgnzxOP/sFR2h+9q1kih6ibUxrp3/vIyRdd1G0lt9zy:IlCzcMg+9YkDiQ3/QG14
Score

10^/10

ramnit banker discovery persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerdiscoveryspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy