Overview

overview

10

Static

static

8

smzy_2016....exe

windows7_x64

10

smzy_2016....exe

windows10-2004_x64

10

数码资源网.url

windows7_x64

1

数码资源网.url

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b433ca863e6c3df4740907ee4d9c5cae3803ec6b38d4c8f3e0d6443b6e940681

  • Size

    1.2MB

  • Sample

    220520-rafkqsabep

  • MD5

    63e6d21e7638f5723a591e9fe363d851

  • SHA1

    529127f7ff9000a4ad3c7a1c2d38c3b9f00bd1e9

  • SHA256

    b433ca863e6c3df4740907ee4d9c5cae3803ec6b38d4c8f3e0d6443b6e940681

  • SHA512

    5735edc4909d4a63fd38b55af8d5e38a95387d7e491d1378bf2b07cbe6e42aac1ccb46e066fc9c9f93a250ddf9a956edf722b388f14243589b164a550835cc7d

Score
10/10
ramnitbankerbootkitpersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      smzy_2016小妹刷QB软件.exe

    • Size

      1.3MB

    • MD5

      fda68efd40295fd40a620060a8fc9e72

    • SHA1

      f77ed41fc1de0bd5ca99bdd5eefe98894be5ab01

    • SHA256

      c107d5d3baa13dfdd1e91ee9aafc8583e0b1f7c86e721132fb37724625717049

    • SHA512

      7dd384dc749025aa15c9a9e81db69ac46c1ae42cedc781849342433961187a366fbaaa7de36c413bc37168645337011e84d568c88d856527a8fd2bf66dcde527

    Score
    10/10
    ramnitbankerbootkitpersistencespywarestealertrojanupxworm

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

    • Target

      数码资源网.url

    • Size

      244B

    • MD5

      305983ae6219bf10d517e168b3ebe5ea

    • SHA1

      b30177e0d7aa2c46843fa9c728c8a9319f34c6a1

    • SHA256

      a4a66ca6e527f6b5a344ec48235b21666f44d19f710ea5d75332e6a4263d027f

    • SHA512

      def75af02cb32b05d19cea6ac978941f93b659fc23a3d8ea29f60874c6875a08274403c125452bd14fc2e878e193eecca70b83f19c22881e3f9a8ab4f6afcb28

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks