ramnit | b5bde0d2915bee434e3b5f57c6a2198e0e83aee3aedfd0164ffe34df86e80725 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

JaffaCakes...f0.dll

windows7-x64

JaffaCakes...f0.dll

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_43c9b064c53cca14a5fd69bb454883f0
Size

163KB
Sample

250101-cve3da1lcv
MD5

43c9b064c53cca14a5fd69bb454883f0
SHA1

1bbe4396f9c91f34422bca99ee539144f739227b
SHA256

b5bde0d2915bee434e3b5f57c6a2198e0e83aee3aedfd0164ffe34df86e80725
SHA512

7066f3e30b18a08c22433fb8e996ca443f2885a4aad6c12c4f8f51d65d9125421ff825f1b104f8063ff9cedfc0ac32da7f5a496ce761bc1af6ee7db8173056f5
SSDEEP

3072:Au1+M9LMWrgturUN2z9hBN8rT8UxdcIK8zzAB46eocmfLSZ79ha125m5FMpED74T:fjEnmcGLSZ5k1XFUX

Score

10^/10

ramnit banker discovery persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_43c9b064c53cca14a5fd69bb454883f0.dll

Resource

win7-20240903-en

ramnit banker discovery persistence spyware stealer trojan upx worm

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_43c9b064c53cca14a5fd69bb454883f0.dll

Resource

win10v2004-20241007-en

ramnit banker discovery persistence spyware stealer trojan upx worm

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_43c9b064c53cca14a5fd69bb454883f0
- Size
  
  163KB
- MD5
  
  43c9b064c53cca14a5fd69bb454883f0
- SHA1
  
  1bbe4396f9c91f34422bca99ee539144f739227b
- SHA256
  
  b5bde0d2915bee434e3b5f57c6a2198e0e83aee3aedfd0164ffe34df86e80725
- SHA512
  
  7066f3e30b18a08c22433fb8e996ca443f2885a4aad6c12c4f8f51d65d9125421ff825f1b104f8063ff9cedfc0ac32da7f5a496ce761bc1af6ee7db8173056f5
- SSDEEP
  
  3072:Au1+M9LMWrgturUN2z9hBN8rT8UxdcIK8zzAB46eocmfLSZ79ha125m5FMpED74T:fjEnmcGLSZ5k1XFUX
Score

10^/10

ramnit banker discovery persistence spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

© 2018-2025

Terms | Privacy