ramnit | e46d3cd472a14b20a710b0eb7227d203decdcf8b8becda61ca4253dbd6b883d7 | Triage

Sharing

General

Target

9815cda2e9bd11d544501355fcf96d3a_JaffaCakes118
Size

171KB
Sample

241125-apdw1stmdn
MD5

9815cda2e9bd11d544501355fcf96d3a
SHA1

b71979adc86f8cc1a50a7c66ed886b9381a13d1c
SHA256

e46d3cd472a14b20a710b0eb7227d203decdcf8b8becda61ca4253dbd6b883d7
SHA512

263558042f218ce520d53143bb0a646572bfb7b8c9680b35cb10a75ba17152c7a1d69d5e67889cc06b956d6451d1fd436171680e8915af74a19cf9a79f64e0a2
SSDEEP

3072:ksOycta3QtosQysRqVrK0nE2HT82D374VA/EmftmAiNMR:ksOttkNIE2HT82D37rsAiNMR

Score

10^/10

ramnit banker discovery evasion persistence spyware stealer trojan worm

Malware Config

Targets

- Target
  
  9815cda2e9bd11d544501355fcf96d3a_JaffaCakes118
- Size
  
  171KB
- MD5
  
  9815cda2e9bd11d544501355fcf96d3a
- SHA1
  
  b71979adc86f8cc1a50a7c66ed886b9381a13d1c
- SHA256
  
  e46d3cd472a14b20a710b0eb7227d203decdcf8b8becda61ca4253dbd6b883d7
- SHA512
  
  263558042f218ce520d53143bb0a646572bfb7b8c9680b35cb10a75ba17152c7a1d69d5e67889cc06b956d6451d1fd436171680e8915af74a19cf9a79f64e0a2
- SSDEEP
  
  3072:ksOycta3QtosQysRqVrK0nE2HT82D374VA/EmftmAiNMR:ksOttkNIE2HT82D37rsAiNMR
Score

10^/10

ramnit banker discovery evasion persistence spyware stealer trojan worm
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdiscoveryevasionpersistencespywarestealertrojanworm

behavioral2