Overview

overview

10

Static

static

3

JaffaCakes...03.dll

windows7-x64

10

JaffaCakes...03.dll

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_4fe05a056bc132d1ed9c589dac107f03

  • Size

    436KB

  • Sample

    250128-2aadtswmbn

  • MD5

    4fe05a056bc132d1ed9c589dac107f03

  • SHA1

    5c19ad279e343b6fc90db2c1634f10d78d89b006

  • SHA256

    5cbdcce633db39767b0e487359e7dceb8b42d5a339c97d0632f3cc7d3708303c

  • SHA512

    5cc4a8aa12c552dc042e3654448badf86c8e44e1a5cb9babb5e424d44191f5f944c4d571ae8e21603f90177e3a46b5be574f8e8acb5c98c5e177ef3a383311c5

  • SSDEEP

    12288:Joz83OtIEzW+/m/AyF7bCrO/EDrzLbDe:mbIEzW+/m/rF7kcKzj

Score
10/10
ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      JaffaCakes118_4fe05a056bc132d1ed9c589dac107f03

    • Size

      436KB

    • MD5

      4fe05a056bc132d1ed9c589dac107f03

    • SHA1

      5c19ad279e343b6fc90db2c1634f10d78d89b006

    • SHA256

      5cbdcce633db39767b0e487359e7dceb8b42d5a339c97d0632f3cc7d3708303c

    • SHA512

      5cc4a8aa12c552dc042e3654448badf86c8e44e1a5cb9babb5e424d44191f5f944c4d571ae8e21603f90177e3a46b5be574f8e8acb5c98c5e177ef3a383311c5

    • SSDEEP

      12288:Joz83OtIEzW+/m/AyF7bCrO/EDrzLbDe:mbIEzW+/m/rF7kcKzj

    Score
    10/10
    ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Ramnit family

      ramnit

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks