Overview

overview

10

Static

static

6068ce6d8e...33.dll

windows7_x64

10

6068ce6d8e...33.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6068ce6d8ea100b60b5a798d4215e37173b1a1633d115f1ce122f1d43947e033

  • Size

    536KB

  • Sample

    210513-a4ngj24xes

  • MD5

    e3b1f2f727df5f5d9ef8bfb36b80e439

  • SHA1

    f7587aac0c1d9a8158456398ebcacf78937f9c1c

  • SHA256

    6068ce6d8ea100b60b5a798d4215e37173b1a1633d115f1ce122f1d43947e033

  • SHA512

    3068fd87154156ad3128f05838b3edadc65ebe411b598b5badcaaf84e82df065aaf2bd1c2342b441567e144f72d32bc0d4a4dd92f43d5026f569215ad716fbab

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Targets

    • Target

      6068ce6d8ea100b60b5a798d4215e37173b1a1633d115f1ce122f1d43947e033

    • Size

      536KB

    • MD5

      e3b1f2f727df5f5d9ef8bfb36b80e439

    • SHA1

      f7587aac0c1d9a8158456398ebcacf78937f9c1c

    • SHA256

      6068ce6d8ea100b60b5a798d4215e37173b1a1633d115f1ce122f1d43947e033

    • SHA512

      3068fd87154156ad3128f05838b3edadc65ebe411b598b5badcaaf84e82df065aaf2bd1c2342b441567e144f72d32bc0d4a4dd92f43d5026f569215ad716fbab

    Score
    10/10
    ramnitbankerspywarestealertrojanupxworm

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks