ramnit | e1f48babfc8d6f94b08ef639f600cba6d71274da64389e015d8f2d533f19a4c4 | Triage

Sharing

General

Target

JaffaCakes118_b30f2f64adbcd919b851e97d2508e0b9
Size

128KB
Sample

250413-axsedavvgz
MD5

b30f2f64adbcd919b851e97d2508e0b9
SHA1

6e5c89231044089b9b2f3db86891a7edf7623f18
SHA256

e1f48babfc8d6f94b08ef639f600cba6d71274da64389e015d8f2d533f19a4c4
SHA512

c297663a6717195f36c754265c1cc5c4f5fdc16fb2b8cdf2b33082201ddc1e349a01db559face85f7963ddb54560929663e71aba897fa915bffa4c7961b29ece
SSDEEP

1536:osikblh4WLb5oW9FnDH+fApdpTBvHir6aOvJ3zhB1Eq+S33ySKYAy1J9/bt:okblbLdo0DH+fKdp5Hy6a0z6q/FL9J

Score

10^/10

ramnit banker defense_evasion discovery spyware stealer trojan upx worm

Malware Config

Targets

- Target
  
  JaffaCakes118_b30f2f64adbcd919b851e97d2508e0b9
- Size
  
  128KB
- MD5
  
  b30f2f64adbcd919b851e97d2508e0b9
- SHA1
  
  6e5c89231044089b9b2f3db86891a7edf7623f18
- SHA256
  
  e1f48babfc8d6f94b08ef639f600cba6d71274da64389e015d8f2d533f19a4c4
- SHA512
  
  c297663a6717195f36c754265c1cc5c4f5fdc16fb2b8cdf2b33082201ddc1e349a01db559face85f7963ddb54560929663e71aba897fa915bffa4c7961b29ece
- SSDEEP
  
  1536:osikblh4WLb5oW9FnDH+fApdpTBvHir6aOvJ3zhB1Eq+S33ySKYAy1J9/bt:okblbLdo0DH+fKdp5Hy6a0z6q/FL9J
Score

10^/10

ramnit banker defense_evasion discovery spyware stealer trojan upx worm
- Modifies firewall policy service
  defense_evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdefense_evasiondiscoveryspywarestealertrojanupxworm