ramnit | fef4bd80ff48368dc8244e22f4c561a46dc484e5841178b674d58a6b3ddb54ec | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...a0.exe

windows7-x64

JaffaCakes...a0.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_4552e1e6a2a8fbd737699805fc4920a0
Size

544KB
Sample

250101-dwba9avqcj
MD5

4552e1e6a2a8fbd737699805fc4920a0
SHA1

81e19a122790dfb7d042d316ab5cdbbc7b0a13f0
SHA256

fef4bd80ff48368dc8244e22f4c561a46dc484e5841178b674d58a6b3ddb54ec
SHA512

7ba323b9bb903eacaf312abbb2956203ea42d4020dd6f7ca6d63b2bffe874bf4c25f5cd386d105c09e5211f3e660ecfdb6d2bffb0f7cb2145563bbda1f971d29
SSDEEP

12288:r8zo7CIXN/HRcM+2CGvpAwsnXOQo7um9G:r8zexHRcMbCGvq7OQoqm

Score

10^/10

ramnit banker discovery persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_4552e1e6a2a8fbd737699805fc4920a0.exe

Resource

win7-20241010-en

ramnit banker discovery persistence spyware stealer trojan upx worm

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_4552e1e6a2a8fbd737699805fc4920a0.exe

Resource

win10v2004-20241007-en

ramnit banker discovery persistence spyware stealer trojan upx worm

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_4552e1e6a2a8fbd737699805fc4920a0
- Size
  
  544KB
- MD5
  
  4552e1e6a2a8fbd737699805fc4920a0
- SHA1
  
  81e19a122790dfb7d042d316ab5cdbbc7b0a13f0
- SHA256
  
  fef4bd80ff48368dc8244e22f4c561a46dc484e5841178b674d58a6b3ddb54ec
- SHA512
  
  7ba323b9bb903eacaf312abbb2956203ea42d4020dd6f7ca6d63b2bffe874bf4c25f5cd386d105c09e5211f3e660ecfdb6d2bffb0f7cb2145563bbda1f971d29
- SSDEEP
  
  12288:r8zo7CIXN/HRcM+2CGvpAwsnXOQo7um9G:r8zexHRcMbCGvq7OQoqm
Score

10^/10

ramnit banker discovery persistence spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

© 2018-2025

Terms | Privacy