General

  • Target

    de6ed9cba3d9c5b84f0fb8bdd1937ac4e60e543aa83ccef180073022c385b20a

  • Size

    2.5MB

  • Sample

    220521-xyn5nsgaaj

  • MD5

    a052585bd537be9cc554ef8147cae3d2

  • SHA1

    fb50c89c57650bf9003727aa6974a866ded99151

  • SHA256

    de6ed9cba3d9c5b84f0fb8bdd1937ac4e60e543aa83ccef180073022c385b20a

  • SHA512

    d32baed6a50535244763ab5365733fc07600ccc20da3a7516f1c534dbbc809541969eb7c42047d4226435fbb0327e43f77b4ea06c3b1d90df551c9177ca8ed63

Malware Config

Targets

    • Target

      de6ed9cba3d9c5b84f0fb8bdd1937ac4e60e543aa83ccef180073022c385b20a

    • Size

      2.5MB

    • MD5

      a052585bd537be9cc554ef8147cae3d2

    • SHA1

      fb50c89c57650bf9003727aa6974a866ded99151

    • SHA256

      de6ed9cba3d9c5b84f0fb8bdd1937ac4e60e543aa83ccef180073022c385b20a

    • SHA512

      d32baed6a50535244763ab5365733fc07600ccc20da3a7516f1c534dbbc809541969eb7c42047d4226435fbb0327e43f77b4ea06c3b1d90df551c9177ca8ed63

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

2
T1112

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks