ramnit | 608b7495862b6ca16ffc06f7f5b81f517d6575ed28b1f4f034fa5b49a897b656 | Triage

Sharing

General

Target

JaffaCakes118_78550ab810e9bd757cc85e46558e1bf7
Size

332KB
Sample

250104-hv6szsykez
MD5

78550ab810e9bd757cc85e46558e1bf7
SHA1

7dfd8f6d67bffbb45959f8ea5819790144208ada
SHA256

608b7495862b6ca16ffc06f7f5b81f517d6575ed28b1f4f034fa5b49a897b656
SHA512

4da6792dc01a06e601420090d1f216ffdc8c29d1d160eae5b9da5c6859d38f1e0210937044b2c9b2edd7efe5872b777196549f768c9fc32fa35eea45af71e244
SSDEEP

6144:QOTeHI8HiL7+f5H2ubzbgNQphaNOW/+v0yFTUWbI0sXj/:TeoGiLah/IWwQj2Wb3q/

Score

10^/10

ramnit banker discovery evasion spyware stealer trojan upx worm

Malware Config

Targets

- Target
  
  JaffaCakes118_78550ab810e9bd757cc85e46558e1bf7
- Size
  
  332KB
- MD5
  
  78550ab810e9bd757cc85e46558e1bf7
- SHA1
  
  7dfd8f6d67bffbb45959f8ea5819790144208ada
- SHA256
  
  608b7495862b6ca16ffc06f7f5b81f517d6575ed28b1f4f034fa5b49a897b656
- SHA512
  
  4da6792dc01a06e601420090d1f216ffdc8c29d1d160eae5b9da5c6859d38f1e0210937044b2c9b2edd7efe5872b777196549f768c9fc32fa35eea45af71e244
- SSDEEP
  
  6144:QOTeHI8HiL7+f5H2ubzbgNQphaNOW/+v0yFTUWbI0sXj/:TeoGiLah/IWwQj2Wb3q/
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm evasion
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdiscoveryspywarestealertrojanupxworm

behavioral2

ramnitbankerdiscoveryevasionspywarestealertrojanupxworm