ramnit | 9706647114f105eb52f92b8d91df52ce85b48fa5b6b82f9d51c71ddb4e3ab142 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...76.dll

windows7-x64

JaffaCakes...76.dll

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_616c4cab2ce1e207d96fc3a3b45fe676
Size

680KB
Sample

250130-lttzkszkgq
MD5

616c4cab2ce1e207d96fc3a3b45fe676
SHA1

3680432d3064e583296361148646b488e3d78035
SHA256

9706647114f105eb52f92b8d91df52ce85b48fa5b6b82f9d51c71ddb4e3ab142
SHA512

1384a4479ef32057a6c46daeaa690efa9883631275e4cf4296e3bcc4267d6970b68333cd0fac434507fd682e748d5f33b97ba878e711d6ae12dacd0dc0a5576a
SSDEEP

12288:bNIyZN4+Wv4PLq6Okrh9ZN/hs9DsdJpUBlo:b9TPmirh9Zdh6owlo

Score

10^/10

ramnit banker discovery persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_616c4cab2ce1e207d96fc3a3b45fe676.dll

Resource

win7-20240708-en

ramnit banker discovery persistence spyware stealer trojan upx worm

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_616c4cab2ce1e207d96fc3a3b45fe676.dll

Resource

win10v2004-20250129-en

ramnit banker discovery spyware stealer trojan upx worm

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_616c4cab2ce1e207d96fc3a3b45fe676
- Size
  
  680KB
- MD5
  
  616c4cab2ce1e207d96fc3a3b45fe676
- SHA1
  
  3680432d3064e583296361148646b488e3d78035
- SHA256
  
  9706647114f105eb52f92b8d91df52ce85b48fa5b6b82f9d51c71ddb4e3ab142
- SHA512
  
  1384a4479ef32057a6c46daeaa690efa9883631275e4cf4296e3bcc4267d6970b68333cd0fac434507fd682e748d5f33b97ba878e711d6ae12dacd0dc0a5576a
- SSDEEP
  
  12288:bNIyZN4+Wv4PLq6Okrh9ZN/hs9DsdJpUBlo:b9TPmirh9Zdh6owlo
Score

10^/10

ramnit banker discovery persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerdiscoveryspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy