Overview

overview

10

Static

static

8

范伟打�...PI.dll

windows7_x64

10

范伟打�...PI.dll

windows10-2004_x64

1

范伟打�...dm.dll

windows7_x64

10

范伟打�...dm.dll

windows10-2004_x64

10

范伟打�...dm.dll

windows7_x64

10

范伟打�...dm.dll

windows10-2004_x64

10

范伟打�...��.bat

windows7_x64

1

范伟打�...��.bat

windows10-2004_x64

1

范伟打�...�.docx

windows7_x64

1

范伟打�...�.docx

windows10-2004_x64

1

范伟打�...��.exe

windows7_x64

10

范伟打�...��.exe

windows10-2004_x64

1

范伟打�...��.bat

windows7_x64

7

范伟打�...��.bat

windows10-2004_x64

1

范伟打�...��.exe

windows7_x64

1

范伟打�...��.exe

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6ace4ddf63aa8d54b60f01e6aaa4638c27b49dfc64a707e35c004eee09de1c7f

  • Size

    4.4MB

  • Sample

    220524-v9q3asfgaj

  • MD5

    8172bf3573347b7005b4aeafc53aa6ec

  • SHA1

    85c63937767ea3bea1cda6b8b3dde86028ca0278

  • SHA256

    6ace4ddf63aa8d54b60f01e6aaa4638c27b49dfc64a707e35c004eee09de1c7f

  • SHA512

    4748735341d9094055b7113e9802ba6f1ad6e9eebcdc2975c3f2a88343fa08adc5d9d60c924117c77d34f55c7ba5f654b1b81b40206b88f80086770a30c69582

Score
10/10
ramnitbankerbootkitpersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      范伟打天下招财宝辅助/CrackCaptchaAPI.dll

    • Size

      1.4MB

    • MD5

      f7e325222e43131fdc33002feb79e72a

    • SHA1

      7567e8ac0e66df934a59bb47983ef7e5f54035af

    • SHA256

      f9cda9e6e65da73434958d2013530f7224c76f930992de1bfb8b99f3d7a7dc3a

    • SHA512

      fea1263247bab514940d75f44ae6af22d8f757c74e6893a42fbab82e7f55ca7bd9c14a0a08e5ed5748221c9b9eac2bc8647b2b4dcc924f1dfdcf26b8862757a8

    Score
    10/10
    ramnitbankerbootkitpersistencespywarestealertrojanworm

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Drops file in System32 directory

    behavioral1behavioral2

    • Target

      范伟打天下招财宝辅助/data/dm.dll

    • Size

      860KB

    • MD5

      0124de17de85c71d43e062b5c36501a4

    • SHA1

      fae128fd4743ce22b008acaf4ca0da0bc34182bd

    • SHA256

      94811d833c7af1de6247ef7de86518ddb74b944f597d62a76b2d73dba7e37d10

    • SHA512

      6e7f6605c202bb865f7c095d1e8f3db84cef78fcc9bf69ad994c83545a92c96f870aea432b19b0a979d08274696fc90168036d83e532fc42d7ebf08e6c3dfdc3

    Score
    10/10
    ramnitbankerspywarestealertrojanwormupx

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral3behavioral4

    • Target

      范伟打天下招财宝辅助/dm.dll

    • Size

      860KB

    • MD5

      0124de17de85c71d43e062b5c36501a4

    • SHA1

      fae128fd4743ce22b008acaf4ca0da0bc34182bd

    • SHA256

      94811d833c7af1de6247ef7de86518ddb74b944f597d62a76b2d73dba7e37d10

    • SHA512

      6e7f6605c202bb865f7c095d1e8f3db84cef78fcc9bf69ad994c83545a92c96f870aea432b19b0a979d08274696fc90168036d83e532fc42d7ebf08e6c3dfdc3

    Score
    10/10
    ramnitbankerspywarestealertrojanwormupx

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral5behavioral6

    • Target

      范伟打天下招财宝辅助/如果出现白屏无法进入游戏请点击我清理IE垃圾.bat

    • Size

      419B

    • MD5

      6322f531e4f7808f672fda11ce584acc

    • SHA1

      b24b39661cc2f5e6983e30a64aaeae36dd6b155b

    • SHA256

      0a56e87691b6ad5e51ca996764e47acf85f643e215f3507739fa92809edb179f

    • SHA512

      278780fca8fcd6725066b15801a79e2f8aacf24a77fc23d76fe58fa88c620a44d3101515e2e869e64f713aee4ef600383d1f8986c958288b563bdfee9f8cc95d

    Score
    1/10
    behavioral7behavioral8

    • Target

      范伟打天下招财宝辅助/打天下.docx

    • Size

      14KB

    • MD5

      162ed8f97d07ab7d5fc0247a3882214e

    • SHA1

      25d9d1beb6cb9ad827bc6eb91473466a4b3c9396

    • SHA256

      dd16d6e9fc980e69ead21f86fe118f68060cb72df78c638cd24227042153eecb

    • SHA512

      1d88cf0ab9bd9e9dd4654eaeb2ee3eb9ae2a2ec7a3abd06593d230df5ca3148b945976fde932fcf141f7dc61c2c00f59f7ca43802ddb47ea53ce37b9f5be22d7

    Score
    1/10
    behavioral9behavioral10

    • Target

      范伟打天下招财宝辅助/招财宝辅助.exe

    • Size

      1.7MB

    • MD5

      9cae8990cec8fff426d4555e1ceda109

    • SHA1

      5b23b743f57ff137bd8f04dcdb44235ad354169b

    • SHA256

      7312da64e917caab82def3a5c324b8a2c4ca613676971585ad8f50094ea57cd9

    • SHA512

      0a14cb69b7916df5c275bc4aebae870221412fbd61407abff3ce6e67e32969497cac5ff269677121047c78c5093a9877507831417245e25f0b09f15346c2ff8f

    Score
    10/10
    ramnitbankerspywarestealertrojanupxworm

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral11behavioral12

    • Target

      范伟打天下招财宝辅助/清理缓存.bat

    • Size

      419B

    • MD5

      6322f531e4f7808f672fda11ce584acc

    • SHA1

      b24b39661cc2f5e6983e30a64aaeae36dd6b155b

    • SHA256

      0a56e87691b6ad5e51ca996764e47acf85f643e215f3507739fa92809edb179f

    • SHA512

      278780fca8fcd6725066b15801a79e2f8aacf24a77fc23d76fe58fa88c620a44d3101515e2e869e64f713aee4ef600383d1f8986c958288b563bdfee9f8cc95d

    Score
    7/10

    • Deletes itself

    behavioral13behavioral14

    • Target

      范伟打天下招财宝辅助/精灵浏览器.exe

    • Size

      2.3MB

    • MD5

      acdd83201ff22c579259da593aaeab0c

    • SHA1

      28a7e0c99bc8ada672950ee2e1261c0a8f84f6a6

    • SHA256

      9c36759e9cb1e8db184db89a90815bab4e2246e71f0eb380eb32047d6386f3b2

    • SHA512

      6fbd13f04bb65a9eb89cbe321fddee045c77993ce393e2455c99cf3903267e6edcdc9f043f96f8d128151ae3bdd2b1689564962459e66ac51dd53b5e1426a31c

    Score
    1/10
    behavioral15behavioral16

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Modify Registry

4
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks