ramnit | 84dc978068f5f5bf66fc3b899ef2319d74d88ec2df61e747123905e5bf5f961c | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...3a.exe

windows7-x64

JaffaCakes...3a.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_76b69c866349a546c4e9b78e4b79053a
Size

1.1MB
Sample

250104-bc8rasspcv
MD5

76b69c866349a546c4e9b78e4b79053a
SHA1

788b41852048fb21692d8c5c2c6e4969afa87789
SHA256

84dc978068f5f5bf66fc3b899ef2319d74d88ec2df61e747123905e5bf5f961c
SHA512

dc46041263b0af0d607a77696d88e729badc40ab4da93957940c6ba7bfde182df0aabf1abd0597d6347694fa5659d6af3b82815ed7bb1befdd2efc8264c00e67
SSDEEP

24576:hiM5uIshBc6ReEJwdQx5L9MFy75C7HMIPgO9eyn:vuj06wdU9MZMwsyn

Score

10^/10

ramnit banker discovery persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_76b69c866349a546c4e9b78e4b79053a.exe

Resource

win7-20240903-en

ramnit banker discovery persistence spyware stealer trojan upx worm

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_76b69c866349a546c4e9b78e4b79053a.exe

Resource

win10v2004-20241007-en

ramnit banker discovery spyware stealer trojan upx worm

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_76b69c866349a546c4e9b78e4b79053a
- Size
  
  1.1MB
- MD5
  
  76b69c866349a546c4e9b78e4b79053a
- SHA1
  
  788b41852048fb21692d8c5c2c6e4969afa87789
- SHA256
  
  84dc978068f5f5bf66fc3b899ef2319d74d88ec2df61e747123905e5bf5f961c
- SHA512
  
  dc46041263b0af0d607a77696d88e729badc40ab4da93957940c6ba7bfde182df0aabf1abd0597d6347694fa5659d6af3b82815ed7bb1befdd2efc8264c00e67
- SSDEEP
  
  24576:hiM5uIshBc6ReEJwdQx5L9MFy75C7HMIPgO9eyn:vuj06wdU9MZMwsyn
Score

10^/10

ramnit banker discovery persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerdiscoveryspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy