General

  • Target

    79e965deb85ecd372dbbb5fd9c77867bcb4d5ad6e0c124ccc3ee51358305214d

  • Size

    1.4MB

  • Sample

    220520-enxpysbhbm

  • MD5

    803ff1fcf41f190b29838246f6f7615c

  • SHA1

    3256620504b7694a98e65c8bb8bad6550035ba66

  • SHA256

    79e965deb85ecd372dbbb5fd9c77867bcb4d5ad6e0c124ccc3ee51358305214d

  • SHA512

    e18b8af2cc617558d248db9d33cd6f10ba27bff9a6dd3ae08acfff21e9f1e7e7966a078c56e939c13e79c7621e37ab1502a73b1292b040133008313d2e19b216

Malware Config

Targets

    • Target

      79e965deb85ecd372dbbb5fd9c77867bcb4d5ad6e0c124ccc3ee51358305214d

    • Size

      1.4MB

    • MD5

      803ff1fcf41f190b29838246f6f7615c

    • SHA1

      3256620504b7694a98e65c8bb8bad6550035ba66

    • SHA256

      79e965deb85ecd372dbbb5fd9c77867bcb4d5ad6e0c124ccc3ee51358305214d

    • SHA512

      e18b8af2cc617558d248db9d33cd6f10ba27bff9a6dd3ae08acfff21e9f1e7e7966a078c56e939c13e79c7621e37ab1502a73b1292b040133008313d2e19b216

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Bootkit

1
T1067

Tasks