Overview

overview

8

Static

static

Rambox-0.7.9-win.exe

windows11_x64

8

Rambox-0.7.9-win.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Rambox-0.7.9-win.exe

  • Size

    112.3MB

  • Sample

    211019-rdvttsgghm

  • MD5

    d3b36737818f47270c788fae167446d2

  • SHA1

    5a5e09c9365325ac640ada70e97d060d8984360c

  • SHA256

    2aa345f263242d17215171ee9355dbe4f73096f29a76c23adfd272f6fe659649

  • SHA512

    fe080ee14053a2e9cbb092b2bf9eace7e471ed357653ef776662d8d4f95da8cdc9cfa2ba872e5142ed47b4a49a48d4220cd6a126766f100789fe7e00e5f5eb48

Score
8/10
discoverypersistence

Malware Config

Targets

    • Target

      Rambox-0.7.9-win.exe

    • Size

      112.3MB

    • MD5

      d3b36737818f47270c788fae167446d2

    • SHA1

      5a5e09c9365325ac640ada70e97d060d8984360c

    • SHA256

      2aa345f263242d17215171ee9355dbe4f73096f29a76c23adfd272f6fe659649

    • SHA512

      fe080ee14053a2e9cbb092b2bf9eace7e471ed357653ef776662d8d4f95da8cdc9cfa2ba872e5142ed47b4a49a48d4220cd6a126766f100789fe7e00e5f5eb48

    Score
    8/10
    discoverypersistence

    • Executes dropped EXE

    • Sets service image path in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

4
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks