Overview

overview

10

Static

static

8

._cache_?????Srv.exe

windows7_x64

10

._cache_?????Srv.exe

windows10-2004_x64

10

?????.exe

windows7_x64

10

?????.exe

windows10-2004_x64

10

??????.url

windows7_x64

6

??????.url

windows10-2004_x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    41a562909e9cea43a4b07230e924dc6360df5851d901e0d4722daa6d90863b5b

  • Size

    1.2MB

  • Sample

    220521-xyr7bsgaal

  • MD5

    3783c01d995ab0c2ada589305e98dc04

  • SHA1

    a8cb4a2519c4c1a8ebb700ff9181235bf82208a6

  • SHA256

    41a562909e9cea43a4b07230e924dc6360df5851d901e0d4722daa6d90863b5b

  • SHA512

    a2ca24f71c3019393b9a8e6cf379ce37d31b11f360ef6efd567175dbcd6c84121ddab62a71157eaaba9abeead3fcfb7ec1ba8684d565b84965a56383b1f7be5c

Score
10/10
ramnitbankerevasionpersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      ._cache_?????Srv.exe

    • Size

      55KB

    • MD5

      ff5e1f27193ce51eec318714ef038bef

    • SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    • SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    • SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Score
    10/10
    ramnitbankerspywarestealertrojanupxworm

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      ?????.exe

    • Size

      2.5MB

    • MD5

      a052585bd537be9cc554ef8147cae3d2

    • SHA1

      fb50c89c57650bf9003727aa6974a866ded99151

    • SHA256

      de6ed9cba3d9c5b84f0fb8bdd1937ac4e60e543aa83ccef180073022c385b20a

    • SHA512

      d32baed6a50535244763ab5365733fc07600ccc20da3a7516f1c534dbbc809541969eb7c42047d4226435fbb0327e43f77b4ea06c3b1d90df551c9177ca8ed63

    Score
    10/10
    ramnitbankerpersistencespywarestealertrojanupxworm

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral3behavioral4

    • Target

      ??????.url

    • Size

      201B

    • MD5

      47a561901ffa934b885b8de0ce516631

    • SHA1

      adfe50a7a7668789a3190b2b7d0695854e8e75cd

    • SHA256

      cf6821351c7c30b25243bcfc480784595845a7c7d4c6eec0b0219d0b4bb6d334

    • SHA512

      b8db94d365f36079ba58d26ebf59f45ff14a5b71fc9fc6d7eea6bb92ccb1506d678684abbfeea95b91e378b20346ed2ff5c820866b50f17712da7daa69874f66

    Score
    6/10
    evasiontrojanpersistence
    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

5
T1112

Credential Access

Discovery

Query Registry

4
T1012

System Information Discovery

7
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks