Overview

overview

10

Static

static

3

JaffaCakes...9c.exe

windows7-x64

10

JaffaCakes...9c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_ba0a95d59e54c5718674941f3bc1a39c

  • Size

    93KB

  • Sample

    250119-cajvts1pbx

  • MD5

    ba0a95d59e54c5718674941f3bc1a39c

  • SHA1

    37a164d34e025ea3669357df42984db627b1362b

  • SHA256

    29a3f82e504dd7135370b00bb5afc4f766bd6ca0e1bf7ea1e7765775b4dfbfcc

  • SHA512

    6f03d6d95c9a4fd8cbbb16a4658ff1cc92e187b6d3a7fa33a73452db393072fedd323aafa5137d2a8d906f277830e09bc3e31f5ffe87a59656b0cbcf96385ca8

  • SSDEEP

    1536:7VZnxm6MG9xgfrvEaoiT/GyphjXDYjKwttoswRmhApE:TnxwgxgfR/DVG7wBpE

Score
10/10
ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      JaffaCakes118_ba0a95d59e54c5718674941f3bc1a39c

    • Size

      93KB

    • MD5

      ba0a95d59e54c5718674941f3bc1a39c

    • SHA1

      37a164d34e025ea3669357df42984db627b1362b

    • SHA256

      29a3f82e504dd7135370b00bb5afc4f766bd6ca0e1bf7ea1e7765775b4dfbfcc

    • SHA512

      6f03d6d95c9a4fd8cbbb16a4658ff1cc92e187b6d3a7fa33a73452db393072fedd323aafa5137d2a8d906f277830e09bc3e31f5ffe87a59656b0cbcf96385ca8

    • SSDEEP

      1536:7VZnxm6MG9xgfrvEaoiT/GyphjXDYjKwttoswRmhApE:TnxwgxgfR/DVG7wBpE

    Score
    10/10
    ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Ramnit family

      ramnit

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks