ramnit | 1828752fa2d551e6e5002daf8721477dcbae818ed20c809e9def199028bd6f01 | Triage

Sharing

General

Target

JaffaCakes118_798e308d188ff230a1de2376dfa59780
Size

124KB
Sample

250104-n3ktdayjds
MD5

798e308d188ff230a1de2376dfa59780
SHA1

98b89c6e4499269e83945797bc8205bee567556c
SHA256

1828752fa2d551e6e5002daf8721477dcbae818ed20c809e9def199028bd6f01
SHA512

cbdd5d6502708c949b14e74c08ae904d77286c569b8ae34e6510bc8023a5c197f33dcbceb86485c0ee066e3e5bba8031814c3bb7fc9499a0ea3c2f7ebc0aae93
SSDEEP

3072:SkblbLdo0DH+fKdp5Hy6a0z6q3b7dX9ftnbgSnC:TbLdo0DH+idp5S6a0OqbB3bgSn

Score

10^/10

ramnit banker discovery evasion spyware stealer trojan upx worm

Malware Config

Targets

- Target
  
  JaffaCakes118_798e308d188ff230a1de2376dfa59780
- Size
  
  124KB
- MD5
  
  798e308d188ff230a1de2376dfa59780
- SHA1
  
  98b89c6e4499269e83945797bc8205bee567556c
- SHA256
  
  1828752fa2d551e6e5002daf8721477dcbae818ed20c809e9def199028bd6f01
- SHA512
  
  cbdd5d6502708c949b14e74c08ae904d77286c569b8ae34e6510bc8023a5c197f33dcbceb86485c0ee066e3e5bba8031814c3bb7fc9499a0ea3c2f7ebc0aae93
- SSDEEP
  
  3072:SkblbLdo0DH+fKdp5Hy6a0z6q3b7dX9ftnbgSnC:TbLdo0DH+idp5S6a0OqbB3bgSn
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm evasion
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdiscoveryspywarestealertrojanupxworm

behavioral2

ramnitbankerdiscoveryevasionspywarestealertrojanupxworm