ramnit | 39cd30364e480cc38aecb0b6247312064f7285024e969659e1fa3eac2e39814e | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...59.exe

windows7-x64

JaffaCakes...59.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_31dede4c6a77eb03089def7047136e59
Size

187KB
Sample

250126-daj19sypgs
MD5

31dede4c6a77eb03089def7047136e59
SHA1

4d6b2af46dc1c729f82d406eab66d99aef386fbd
SHA256

39cd30364e480cc38aecb0b6247312064f7285024e969659e1fa3eac2e39814e
SHA512

40b2c838012326c4bfede49f9e0bbbada2a924c6ffbd29c1208be06fe9dd0b2b76e934a1bce3ac16f138cb41aee2f441d58eb309500485fb11b48dbbaf7e7718
SSDEEP

3072:46lXWN336MdMfLirVQW0/nyyplK1LanRaSyjWsZcvi72iIw2jsxD7IYjA/LA:pXgqqULirVT01uaYSUZca72ip2juD7mM

Score

10^/10

ramnit banker discovery persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_31dede4c6a77eb03089def7047136e59.exe

Resource

win7-20240903-en

ramnit banker discovery persistence spyware stealer trojan upx worm

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_31dede4c6a77eb03089def7047136e59.exe

Resource

win10v2004-20241007-en

ramnit banker discovery spyware stealer trojan upx worm

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_31dede4c6a77eb03089def7047136e59
- Size
  
  187KB
- MD5
  
  31dede4c6a77eb03089def7047136e59
- SHA1
  
  4d6b2af46dc1c729f82d406eab66d99aef386fbd
- SHA256
  
  39cd30364e480cc38aecb0b6247312064f7285024e969659e1fa3eac2e39814e
- SHA512
  
  40b2c838012326c4bfede49f9e0bbbada2a924c6ffbd29c1208be06fe9dd0b2b76e934a1bce3ac16f138cb41aee2f441d58eb309500485fb11b48dbbaf7e7718
- SSDEEP
  
  3072:46lXWN336MdMfLirVQW0/nyyplK1LanRaSyjWsZcvi72iIw2jsxD7IYjA/LA:pXgqqULirVT01uaYSUZca72ip2juD7mM
Score

10^/10

ramnit banker discovery persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerdiscoveryspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy