Overview

overview

10

Static

static

8

GdtBpFKY.exe

windows7_x64

10

GdtBpFKY.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    GdtBpFKY.exe

  • Size

    140KB

  • Sample

    220309-sfeq3ahfe7

  • MD5

    bfac768f9ad7d29ec91a0288f4b5f479

  • SHA1

    ff3240c04aa6778dfc4fa2c2eec505c0fb52acac

  • SHA256

    950da158619b3a37e4c0f0be34c39482afdce6d8aa92703ea9cf5ddd487049e9

  • SHA512

    6fa181b5aa88216d49e24576cff35cd5ce4f1ed11d3ec3d6539125d699c421f79dc755b4383e6d6ccf1657d21ee4aa9364f6785ef870e2863b93fa3885f07289

Score
10/10
ramnitbankerevasionspywarestealertrojanupxworm

Malware Config

Targets

    • Target

      GdtBpFKY.exe

    • Size

      140KB

    • MD5

      bfac768f9ad7d29ec91a0288f4b5f479

    • SHA1

      ff3240c04aa6778dfc4fa2c2eec505c0fb52acac

    • SHA256

      950da158619b3a37e4c0f0be34c39482afdce6d8aa92703ea9cf5ddd487049e9

    • SHA512

      6fa181b5aa88216d49e24576cff35cd5ce4f1ed11d3ec3d6539125d699c421f79dc755b4383e6d6ccf1657d21ee4aa9364f6785ef870e2863b93fa3885f07289

    Score
    10/10
    ramnitbankerspywarestealertrojanupxwormevasion

    • Modifies firewall policy service

      evasion

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks