Overview

overview

10

Static

static

3

JaffaCakes...9a.exe

windows7-x64

10

JaffaCakes...9a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_82300aca9b663458789a387288392a9a

  • Size

    184KB

  • Sample

    250116-z42ztszjcw

  • MD5

    82300aca9b663458789a387288392a9a

  • SHA1

    811ee1745e2d06d529d42f3b981333210c860c98

  • SHA256

    24055f919b7a34f7d9589037fe8335f489f33322f486816d8e699f50f715f472

  • SHA512

    86d53b9ac01a1db801c63a99cd5e59f0a38d877d279e6927ef8eb0bb0f062647b7866c2892a0f92227a84a923b7728d00ed5a731d738b691aa252bb3ebe7b4da

  • SSDEEP

    1536:gVZnxm6MG9xgfrvEaoiT/GyphjXDYjKwttoswRmhApE:QnxwgxgfR/DVG7wBpE

Score
10/10
ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      JaffaCakes118_82300aca9b663458789a387288392a9a

    • Size

      184KB

    • MD5

      82300aca9b663458789a387288392a9a

    • SHA1

      811ee1745e2d06d529d42f3b981333210c860c98

    • SHA256

      24055f919b7a34f7d9589037fe8335f489f33322f486816d8e699f50f715f472

    • SHA512

      86d53b9ac01a1db801c63a99cd5e59f0a38d877d279e6927ef8eb0bb0f062647b7866c2892a0f92227a84a923b7728d00ed5a731d738b691aa252bb3ebe7b4da

    • SSDEEP

      1536:gVZnxm6MG9xgfrvEaoiT/GyphjXDYjKwttoswRmhApE:QnxwgxgfR/DVG7wBpE

    Score
    10/10
    ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Ramnit family

      ramnit

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks