ramnit

General

Target

JaffaCakes118_6a5538abf08dea7ea3d38892c1cf6620
Size

573KB
Sample

250103-ffz1sasqhj
MD5

6a5538abf08dea7ea3d38892c1cf6620
SHA1

8c0e4b75f455e9d26bd0252126891d4fbf5a366f
SHA256

678868b0d661db2371a50165fd01806c5cd9435bd18d29cf09c9f9a6d5c0c5b1
SHA512

83fecb0ccaa1757ea055f6d9a6d2671ddf7d615de9d94bd6ba586214c1ddca6f61f5fbc83ed5922e40dbee828da218cb2073f8866c2c33e5e127c6d9e77fa622
SSDEEP

6144:eE3pV90gzsIHn+NzocVIsGesIIohL7197Ey076r1c8X/3vAgyy7CI/HQC+IIqumu:eGJckHsIQ7Iy0R8P3vmtIbS

Score

10^/10

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  JaffaCakes118_6a5538abf08dea7ea3d38892c1cf6620
- Size
  
  573KB
- MD5
  
  6a5538abf08dea7ea3d38892c1cf6620
- SHA1
  
  8c0e4b75f455e9d26bd0252126891d4fbf5a366f
- SHA256
  
  678868b0d661db2371a50165fd01806c5cd9435bd18d29cf09c9f9a6d5c0c5b1
- SHA512
  
  83fecb0ccaa1757ea055f6d9a6d2671ddf7d615de9d94bd6ba586214c1ddca6f61f5fbc83ed5922e40dbee828da218cb2073f8866c2c33e5e127c6d9e77fa622
- SSDEEP
  
  6144:eE3pV90gzsIHn+NzocVIsGesIIohL7197Ey076r1c8X/3vAgyy7CI/HQC+IIqumu:eGJckHsIQ7Iy0R8P3vmtIbS
Score

10^/10

ramnit sality backdoor banker discovery evasion spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

2

T1562

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Ramnit family

Sality

Sality family

Windows security bypass

Executes dropped EXE

Loads dropped DLL

Windows security modification

Drops file in System32 directory

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2