ramnit | 79a92391e6dbcec703f9457d09588838dff2bd7425a2578e391b5faaecb6b031 | Triage

Submit
Reports

Overview

overview

Static

static

3

d5181d8b3d...18.dll

windows7-x64

d5181d8b3d...18.dll

windows10-2004-x64

Sharing

General

Target

d5181d8b3d1488c0f58a8cf5bfc04867_JaffaCakes118
Size

308KB
Sample

241208-ec1mga1mb1
MD5

d5181d8b3d1488c0f58a8cf5bfc04867
SHA1

7b0c89d3d06c02b49f0a8a8affc7ebe2106ffd75
SHA256

79a92391e6dbcec703f9457d09588838dff2bd7425a2578e391b5faaecb6b031
SHA512

a2967c0e10c26e7912e754fe6e07f8d7eb5e984d9a5fce60e7fb15db030c522304a06215ef5172c2553aad8d56defe1e4eea2e0b9958a691eabe6fdf81df5f25
SSDEEP

3072:FYy0DkGJJo3Eu5pjkoxjZUcfiQ7lb3ST39tuoX2V8uCCVhHXcfYNLVzlDMy6cAF+:cHJo37xjyaiQRi79GV8ufHsfwXecA/U

Score

10^/10

ramnit banker discovery evasion persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d5181d8b3d1488c0f58a8cf5bfc04867_JaffaCakes118.dll

Resource

win7-20240729-en

ramnit banker discovery evasion persistence spyware stealer trojan upx worm

windows7-x64

23 signatures

150 seconds

Behavioral task

behavioral2

Sample

d5181d8b3d1488c0f58a8cf5bfc04867_JaffaCakes118.dll

Resource

win10v2004-20241007-en

ramnit banker discovery evasion spyware stealer trojan upx worm

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  d5181d8b3d1488c0f58a8cf5bfc04867_JaffaCakes118
- Size
  
  308KB
- MD5
  
  d5181d8b3d1488c0f58a8cf5bfc04867
- SHA1
  
  7b0c89d3d06c02b49f0a8a8affc7ebe2106ffd75
- SHA256
  
  79a92391e6dbcec703f9457d09588838dff2bd7425a2578e391b5faaecb6b031
- SHA512
  
  a2967c0e10c26e7912e754fe6e07f8d7eb5e984d9a5fce60e7fb15db030c522304a06215ef5172c2553aad8d56defe1e4eea2e0b9958a691eabe6fdf81df5f25
- SSDEEP
  
  3072:FYy0DkGJJo3Eu5pjkoxjZUcfiQ7lb3ST39tuoX2V8uCCVhHXcfYNLVzlDMy6cAF+:cHJo37xjyaiQRi79GV8ufHsfwXecA/U
Score

10^/10

ramnit banker discovery evasion persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdiscoveryevasionpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerdiscoveryevasionspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy