General

  • Target

    JaffaCakes118_63554146034980285230907f0a70147d

  • Size

    524KB

  • Sample

    250130-qzpn9svkgq

  • MD5

    63554146034980285230907f0a70147d

  • SHA1

    e42a8e43dba1061451b580050781c1fb812c4e5f

  • SHA256

    d46a7c64293e0e1f79b5700af27dea44cb422ad88bf1dafde16f5fbb58f6b1c8

  • SHA512

    92438ba9a6d7f40727e826dfcccd43a85af6963741817d8c7a29c0e2371e4d7ca0799223bfb28fc3f95ab1b6bb0f16e2b5ee9ce30ccb1dd9b2aee747da67f1e4

  • SSDEEP

    6144:oxuvgNV1WAzLIwBMEAbR8GJ8WssIycfVUyaK4SnqKx1nJ08h0X6oUU:8uvsL52EAOK8cIyMUy77nd/nxKX6oUU
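Before handling the sample, confirm that the file in hand is the one this report describes by recomputing the listed digests; SHA256 is the canonical identifier, while MD5 and SHA1 are kept only for cross-referencing older sources. The following verifier is an added example and not part of the report or the sandbox's own tooling. It reads the file once and feeds every chunk to all four hash algorithms, and returns each digest that disagrees with the report. The SSDEEP value above is not checked here because fuzzy-hash comparison needs the external `ssdeep` library.

```python
import hashlib
import io
import sys

# Digests listed in the report above for JaffaCakes118_63554146034980285230907f0a70147d.
REPORT_DIGESTS = {
    "md5": "63554146034980285230907f0a70147d",
    "sha1": "e42a8e43dba1061451b580050781c1fb812c4e5f",
    "sha256": "d46a7c64293e0e1f79b5700af27dea44cb422ad88bf1dafde16f5fbb58f6b1c8",
    "sha512": (
        "92438ba9a6d7f40727e826dfcccd43a85af6963741817d8c7a29c0e2371e4d7c"
        "a0799223bfb28fc3f95ab1b6bb0f16e2b5ee9ce30ccb1dd9b2aee747da67f1e4"
    ),
}


def digests_of_stream(fobj, algorithms=tuple(REPORT_DIGESTS), chunk_size=1 << 20) -> dict:
    """Hash a file-like object in one pass, updating every algorithm with each chunk.

    Returns {algorithm: lower-case hex digest}. Chunked reading keeps memory flat
    for large samples; this one is only 524KB, but the routine is reusable.
    """
    hashers = {alg: hashlib.new(alg) for alg in algorithms}
    while True:
        chunk = fobj.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def digests(data: bytes, algorithms=tuple(REPORT_DIGESTS)) -> dict:
    """Convenience wrapper for in-memory bytes."""
    return digests_of_stream(io.BytesIO(data), algorithms)


def _mismatches(actual: dict, expected: dict) -> dict:
    """{algorithm: (expected, actual)} for every digest that disagrees; {} means identity confirmed."""
    return {
        alg: (exp.lower(), actual[alg])
        for alg, exp in expected.items()
        if exp.lower() != actual[alg]
    }


def verify_sample(data: bytes, expected: dict = REPORT_DIGESTS) -> dict:
    """Check in-memory bytes against the report's digests (or any {alg: hex} mapping)."""
    return _mismatches(digests(data, tuple(expected)), expected)


def verify_file(path: str, expected: dict = REPORT_DIGESTS) -> dict:
    """Check a file on disk against the report's digests without loading it whole."""
    with open(path, "rb") as f:
        actual = digests_of_stream(f, tuple(expected))
    return _mismatches(actual, expected)


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>; exit status 1 on any mismatch.
    bad = verify_file(sys.argv[1])
    for alg, (exp, got) in bad.items():
        print(f"{alg}: expected {exp}, got {got}")
    print("identity confirmed" if not bad else "MISMATCH: not the reported sample")
    sys.exit(1 if bad else 0)
```

A file whose MD5 or SHA1 matches while SHA256 does not should be treated as a different sample; both of the older algorithms admit practical collisions, so only a full match across the list counts as confirmation.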

Malware Config

Targets

    • Target

      JaffaCakes118_63554146034980285230907f0a70147d

    • Size

      524KB

    • MD5

      63554146034980285230907f0a70147d

    • SHA1

      e42a8e43dba1061451b580050781c1fb812c4e5f

    • SHA256

      d46a7c64293e0e1f79b5700af27dea44cb422ad88bf1dafde16f5fbb58f6b1c8

    • SHA512

      92438ba9a6d7f40727e826dfcccd43a85af6963741817d8c7a29c0e2371e4d7ca0799223bfb28fc3f95ab1b6bb0f16e2b5ee9ce30ccb1dd9b2aee747da67f1e4

    • SSDEEP

      6144:oxuvgNV1WAzLIwBMEAbR8GJ8WssIycfVUyaK4SnqKx1nJ08h0X6oUU:8uvsL52EAOK8cIyMUy77nd/nxKX6oUU

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family whose variants include file-infecting viruses, worms, and Trojans.

    • Ramnit family

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer (versions 1.3x to 1.4x).

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
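The "Modifies WinLogon for persistence" signature (commonly mapped to ATT&CK T1547.004, Winlogon Helper DLL) covers changes to the `Userinit` and `Shell` values under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon`, which Winlogon runs at every interactive logon. The report does not list the exact value the sample wrote, so the check below is an added example, not the sandbox's detection logic: it compares each comma-separated entry in those values against the stock defaults and reports anything else. The tampered registry values are constructed for the example and are not taken from this sample; `SYSTEM_ROOT` assumes a default `C:\Windows` install and the `%SystemRoot%` expansion is a simplification of what the loader does.

```python
import sys

# Assumption: default install root; adjust for a non-standard %SystemRoot%.
SYSTEM_ROOT = r"c:\windows"

# Stock values. Userinit is normally "C:\Windows\system32\userinit.exe," (note the
# trailing comma) and Shell is "explorer.exe"; both may carry a bare name or a full path.
EXPECTED = {
    "Userinit": {"userinit.exe", SYSTEM_ROOT + r"\system32\userinit.exe"},
    "Shell": {"explorer.exe", SYSTEM_ROOT + r"\explorer.exe"},
}


def _normalise(entry: str) -> str:
    """Lower-case, strip quotes and whitespace, unify separators, expand the system root."""
    e = entry.strip().strip('"').lower().replace("/", "\\")
    return e.replace("%systemroot%", SYSTEM_ROOT).replace("%windir%", SYSTEM_ROOT)


def check_winlogon(values: dict) -> list:
    """Return [(value_name, unexpected_entry), ...] for every entry not in EXPECTED.

    `values` maps Winlogon value names to their REG_SZ data, e.g. from a live read,
    a registry hive export, or a sandbox's registry-change log. An absent value is
    not a finding: Windows then falls back to the built-in default.
    """
    findings = []
    for name, allowed in EXPECTED.items():
        raw = values.get(name)
        if raw is None:
            continue
        for part in raw.split(","):
            entry = _normalise(part)
            if entry and entry not in allowed:
                findings.append((name, entry))
    return findings


def read_live_winlogon() -> dict:
    """Read the string values of the Winlogon key on the local host (Windows only)."""
    import winreg  # only importable on Windows

    path = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        index = 0
        while True:
            try:
                name, data, _kind = winreg.EnumValue(key, index)
            except OSError:  # raised when the index runs past the last value
                break
            if isinstance(data, str):
                values[name] = data
            index += 1
    return values


# Constructed inputs for the example (not this sample's actual registry writes).
CLEAN_SAMPLE = {
    "Userinit": r"C:\Windows\system32\userinit.exe,",
    "Shell": "explorer.exe",
}
TAMPERED_SAMPLE = {
    # The classic file-infector pattern: a second executable appended after userinit.exe.
    "Userinit": r"C:\Windows\system32\userinit.exe,C:\Program Files\Common Files\svchost.exe",
    "Shell": "explorer.exe",
}


if __name__ == "__main__":
    source = read_live_winlogon() if sys.platform == "win32" else TAMPERED_SAMPLE
    for name, entry in check_winlogon(source):
        print(f"Winlogon\\{name}: unexpected entry {entry!r}")
```

Run it on a Windows host to audit the live key; elsewhere it evaluates the constructed tampered input. A hit against `Userinit` is the usual tell: the appended executable runs in the user's session at every logon and survives reboots, so the referenced file should be collected and hashed against the digests listed above before it is removed.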

MITRE ATT&CK Enterprise v15

Tasks