General

Target:  79e965deb85ecd372dbbb5fd9c77867bcb4d5ad6e0c124ccc3ee51358305214d
Size:    1MB
Sample:  220520-enxpysbhbm
Score:   10/10
MD5:     803ff1fcf41f190b29838246f6f7615c
SHA1:    3256620504b7694a98e65c8bb8bad6550035ba66
SHA256:  79e965deb85ecd372dbbb5fd9c77867bcb4d5ad6e0c124ccc3ee51358305214d
SHA512:  e18b8af2cc617558d248db9d33cd6f10ba27bff9a6dd3ae08acfff21e9f1e7e7966a078c56e939c13e79c7621e37ab1502a73b1292b040133008313d2e19b216

Signatures

  • Ramnit

    Description: Ramnit is a versatile malware family whose variants include file-infecting viruses, worms that spread over removable drives, and banking Trojans.

  • Executes dropped EXE

  • UPX packed file

    Description: Detects executables packed with the open-source UPX packer or a modified build of it.

  • Loads dropped DLL

  • Writes to the Master Boot Record (MBR)

    Description: Bootkits write to the MBR so that their code runs before the operating system is loaded, giving them persistence at a level below the OS.

    TTPs: Bootkit

  • Drops file in System32 directory
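The "UPX packed file" signature above is a static check on the PE image. The following is an added example, not code from the sandbox report or from the Ramnit sample, showing how such a check is typically implemented: walk the PE section table and look for the section names the stock packer writes (UPX0/UPX1/UPX2), and independently scan for the "UPX!" marker, since modified UPX builds often rename the sections but keep the marker. The function names and the constructed header skeleton used as input are this example's own assumptions; the skeleton is not an executable and is not the sample on this page.

```python
import struct
import sys

# Section names written by stock UPX; modified builds often rename them,
# so the "UPX!" marker scan is kept as a second, independent indicator.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
UPX_MAGIC = b"UPX!"


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image, or [] if it is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or e_lfanew + 24 > len(data):
        return []
    # COFF header after the 4-byte signature: Machine(2) NumberOfSections(2)
    # TimeDateStamp(4) PointerToSymbolTable(4) NumberOfSymbols(4)
    # SizeOfOptionalHeader(2) Characteristics(2)
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    names = []
    for i in range(num_sections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes, name is the first 8
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("latin-1"))
    return names


def looks_upx_packed(data: bytes) -> dict:
    """Combine the section-name and marker checks into one verdict."""
    names = pe_section_names(data)
    upx = sorted(n for n in names if n.encode("latin-1") in UPX_SECTION_NAMES)
    marker = UPX_MAGIC in data
    return {
        "sections": names,
        "upx_sections": upx,
        "upx_marker": marker,
        "packed": bool(upx) or marker,
    }


def build_fake_pe(section_names, marker=False) -> bytes:
    """Constructed test input (assumption of this example): a minimal MZ/PE
    header skeleton with the given section names. It is not a runnable
    executable and is not the sample described on this page."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 0xE0  # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    secs = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    tail = UPX_MAGIC + b"\0" * 12 if marker else b"\0" * 16
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs + tail


if __name__ == "__main__":
    # Usage: python upx_check.py <file>   (defaults to the constructed skeleton)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            blob = f.read()
    else:
        blob = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"], marker=True)
    print(looks_upx_packed(blob))
```

The two indicators are deliberately reported separately: UPX section names with no marker, or a marker with renamed sections, both point at a modified packer and are worth a closer look than a stock UPX hit.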
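The "Writes to the Master Boot Record (MBR)" signature is the one a responder would want to verify on the affected host. The following added example, not part of the sandbox report, parses a 512-byte MBR sector, checks the 0x55AA boot signature and the partition table, and compares the SHA-256 of the 440-byte boot-code region against a known-good baseline, which is the practical way to detect a bootkit's write after the fact. The helper names, the baseline value, and the two sample sectors (a clean one and a tampered one) are constructed for this example and are not data from the sample on this page.

```python
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 440   # classic MBR: boot code occupies bytes 0..439
PART_TABLE_OFF = 446  # four 16-byte partition entries follow
SIGNATURE_OFF = 510   # bytes 55 AA close the sector


def parse_mbr(sector: bytes) -> dict:
    """Parse one MBR sector into signature flag, boot-code hash and partitions."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": count})
    return {
        "valid_signature": sector[SIGNATURE_OFF:] == b"\x55\xAA",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
    }


def check_mbr(sector: bytes, baseline_boot_code_sha256: str) -> list:
    """Return findings as strings; an empty list means the MBR matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_boot_code_sha256:
        findings.append("boot code differs from baseline")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    return findings


def build_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector (assumption of this example): the given boot
    code, one active type-0x07 partition at LBA 2048, and a valid signature."""
    sec = bytearray(SECTOR)
    code = boot_code[:BOOT_CODE_LEN]
    sec[:len(code)] = code
    struct.pack_into("<B3xB3xII", sec, PART_TABLE_OFF, 0x80, 0x07, 2048, 1_000_000)
    sec[SIGNATURE_OFF:] = b"\x55\xAA"
    return bytes(sec)


# Constructed stand-in for known-good boot code (cli; xor ax,ax; mov ss,ax;
# mov sp,0x7c00; padding). Real baselines come from a trusted image of the host.
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 24
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE)
BASELINE = hashlib.sha256(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest()

# Constructed tampered sector: the first bytes replaced by a short jump, the
# pattern a bootkit uses to divert execution into its own loader.
_t = bytearray(CLEAN_MBR)
_t[:4] = b"\xeb\x3c\x90\x90"
TAMPERED_MBR = bytes(_t)


if __name__ == "__main__":
    # Usage: python mbr_check.py <raw device> <baseline sha256>
    # e.g. /dev/sda on Linux or \\.\PhysicalDrive0 on Windows; both need root/admin.
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb") as f:
            sector = f.read(SECTOR)
        print(check_mbr(sector, sys.argv[2]) or "OK")
    else:
        print("clean:", check_mbr(CLEAN_MBR, BASELINE) or "OK")
        print("tampered:", check_mbr(TAMPERED_MBR, BASELINE))
```

Hashing only the boot-code region, not the whole sector, keeps legitimate partition-table edits from raising a false alarm while still catching the overwrite a bootkit needs to make.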

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation