ramnit | 14b6cc6d4bc4b8fe9f9acf272321e33b18917c76b5e88c8d6a24ce230894c0ea | Triage

Submit
Reports

Overview

overview

Static

static

3

ef9be66ef0...18.dll

windows7-x64

ef9be66ef0...18.dll

windows10-2004-x64

Sharing

General

Target

ef9be66ef0e85ac80bc5f15d1036a137_JaffaCakes118
Size

349KB
Sample

241214-tntqmayqgl
MD5

ef9be66ef0e85ac80bc5f15d1036a137
SHA1

37fa0e0e62962d9d99b6b29dea63de5a7d81e3f1
SHA256

14b6cc6d4bc4b8fe9f9acf272321e33b18917c76b5e88c8d6a24ce230894c0ea
SHA512

fc71a3e092a41d1b857f04b48b1cb8e4057d5219fa7f61c1cc9c77d5ed461080df1b561fa8697fc045f1339d4f13d9f96f4a226d1f9347d75dc85f9aee8ab1ec
SSDEEP

3072:m1os9i5SgHjPzBSH/5ww77EMKRvkQ8QE9O/sy61AhXwOS4dlsQIhf7g/m8nt1TQl:AovBZvckMmXlsPcWJp

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ef9be66ef0e85ac80bc5f15d1036a137_JaffaCakes118.dll

Resource

win7-20241010-en

ramnit banker discovery spyware stealer trojan upx worm

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

ef9be66ef0e85ac80bc5f15d1036a137_JaffaCakes118.dll

Resource

win10v2004-20241007-en

ramnit banker discovery spyware stealer trojan upx worm

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  ef9be66ef0e85ac80bc5f15d1036a137_JaffaCakes118
- Size
  
  349KB
- MD5
  
  ef9be66ef0e85ac80bc5f15d1036a137
- SHA1
  
  37fa0e0e62962d9d99b6b29dea63de5a7d81e3f1
- SHA256
  
  14b6cc6d4bc4b8fe9f9acf272321e33b18917c76b5e88c8d6a24ce230894c0ea
- SHA512
  
  fc71a3e092a41d1b857f04b48b1cb8e4057d5219fa7f61c1cc9c77d5ed461080df1b561fa8697fc045f1339d4f13d9f96f4a226d1f9347d75dc85f9aee8ab1ec
- SSDEEP
  
  3072:m1os9i5SgHjPzBSH/5ww77EMKRvkQ8QE9O/sy61AhXwOS4dlsQIhf7g/m8nt1TQl:AovBZvckMmXlsPcWJp
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdiscoveryspywarestealertrojanupxworm

behavioral2

ramnitbankerdiscoveryspywarestealertrojanupxworm

© 2018-2024

Terms | Privacy