ramnit | edc05ad849fa07155c28d878114d36645d21aa417e88103cb7551e3625cfd544 | Triage

Sharing

General

Target

JaffaCakes118_7786b56e62e3780f2be873257b614546
Size

212KB
Sample

250104-epaa2s1jbt
MD5

7786b56e62e3780f2be873257b614546
SHA1

358c651ed95b27897f7a1e7a8b292be29842b7c4
SHA256

edc05ad849fa07155c28d878114d36645d21aa417e88103cb7551e3625cfd544
SHA512

65c5281788a720cc0841ca56f30d774a0eaccb27b16cb9202a4ea7b60571eeecbdaa48e5435c21ad9c2063cf2df3ed4850f90e58a8419885ab7e6e60bf838c27
SSDEEP

3072:VKo1Tbg90dIKmR5j273PAmr0auTmqqGcDCn+C5C7arF8dDFFsVSsKiJ:91XqN5a73Px3uTBqGcDCn+C5C+52F8/

Score

10^/10

ramnit banker discovery evasion spyware stealer trojan upx worm

Malware Config

Targets

- Target
  
  JaffaCakes118_7786b56e62e3780f2be873257b614546
- Size
  
  212KB
- MD5
  
  7786b56e62e3780f2be873257b614546
- SHA1
  
  358c651ed95b27897f7a1e7a8b292be29842b7c4
- SHA256
  
  edc05ad849fa07155c28d878114d36645d21aa417e88103cb7551e3625cfd544
- SHA512
  
  65c5281788a720cc0841ca56f30d774a0eaccb27b16cb9202a4ea7b60571eeecbdaa48e5435c21ad9c2063cf2df3ed4850f90e58a8419885ab7e6e60bf838c27
- SSDEEP
  
  3072:VKo1Tbg90dIKmR5j273PAmr0auTmqqGcDCn+C5C7arF8dDFFsVSsKiJ:91XqN5a73Px3uTBqGcDCn+C5C+52F8/
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm evasion
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdiscoveryspywarestealertrojanupxworm

behavioral2

ramnitbankerdiscoveryevasionspywarestealertrojanupxworm