Overview

overview

10

Static

static

3

fda4adcff3...18.exe

windows7-x64

10

fda4adcff3...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fda4adcff37498fb0f7714db8d1de11d_JaffaCakes118

  • Size

    120KB

  • Sample

    241219-adq27synel

  • MD5

    fda4adcff37498fb0f7714db8d1de11d

  • SHA1

    ae00f2eddd4dbc05bed0e4fabde97e6c6546b7bc

  • SHA256

    287fcfc5f81ab48d370fc04a7c42ea008897447451bec001692c96660f2285c2

  • SHA512

    d1003f6114788a96c5ae1454024b2abfc35f4d21df4be358fbc883630ebe721122a260101d446ac911e1ca45dcae291fc5fc5e846f2a5fab731601d01113ead3

  • SSDEEP

    1536:+VZnxm6MG9xgfrvEaoiT/GyphjXDYjKwttoswRmhApEtCGZZaD69sKx5KYOTmu9Z:unxwgxgfR/DVG7wBpEtComwDKYOqYZ

Score
10/10
ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      fda4adcff37498fb0f7714db8d1de11d_JaffaCakes118

    • Size

      120KB

    • MD5

      fda4adcff37498fb0f7714db8d1de11d

    • SHA1

      ae00f2eddd4dbc05bed0e4fabde97e6c6546b7bc

    • SHA256

      287fcfc5f81ab48d370fc04a7c42ea008897447451bec001692c96660f2285c2

    • SHA512

      d1003f6114788a96c5ae1454024b2abfc35f4d21df4be358fbc883630ebe721122a260101d446ac911e1ca45dcae291fc5fc5e846f2a5fab731601d01113ead3

    • SSDEEP

      1536:+VZnxm6MG9xgfrvEaoiT/GyphjXDYjKwttoswRmhApEtCGZZaD69sKx5KYOTmu9Z:unxwgxgfR/DVG7wBpEtComwDKYOqYZ

    Score
    10/10
    ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Ramnit family

      ramnit

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks