Overview

overview

10

Static

static

97b857828a...52.exe

windows7_x64

10

97b857828a...52.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    97b857828a5257f9c06b5ce110352661fa320a5231c769e2c3742cb80cbe3152

  • Size

    304KB

  • Sample

    210515-yqpglbjk9j

  • MD5

    c0fc7dc762af31654acb88083973715c

  • SHA1

    74923cbf47ee8df4c4bd8fa37a08cc6635a52a42

  • SHA256

    97b857828a5257f9c06b5ce110352661fa320a5231c769e2c3742cb80cbe3152

  • SHA512

    99a7310b7c7128ddc541a2e8f460583dddee881a11c48f9d53263f16092ce68f5ac1144abb8a280812a9d337e5190c6a917aed7d28fb1910546198d62c1bf9a9

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Targets

    • Target

      97b857828a5257f9c06b5ce110352661fa320a5231c769e2c3742cb80cbe3152

    • Size

      304KB

    • MD5

      c0fc7dc762af31654acb88083973715c

    • SHA1

      74923cbf47ee8df4c4bd8fa37a08cc6635a52a42

    • SHA256

      97b857828a5257f9c06b5ce110352661fa320a5231c769e2c3742cb80cbe3152

    • SHA512

      99a7310b7c7128ddc541a2e8f460583dddee881a11c48f9d53263f16092ce68f5ac1144abb8a280812a9d337e5190c6a917aed7d28fb1910546198d62c1bf9a9

    Score
    10/10
    ramnitbankerspywarestealertrojanupxworm

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks