Overview

overview

10

Static

static

at180dll_i...??.url

windows7_x64

6

at180dll_i...??.url

windows10-2004_x64

6

at180dll_i...??.url

windows7_x64

6

at180dll_i...??.url

windows10-2004_x64

6

at180dll_i...80.dll

windows7_x64

10

at180dll_i...80.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2014765669161ed0941ef986598f07efda0a87c1862e85f3c54c5da3abd9a6bc

  • Size

    105KB

  • Sample

    220612-q1ssbadgej

  • MD5

    a1c9874569dbfa923ec287e810f046b9

  • SHA1

    d30846aa5b731478ccc17ca3ec6c2c2b0640aba9

  • SHA256

    2014765669161ed0941ef986598f07efda0a87c1862e85f3c54c5da3abd9a6bc

  • SHA512

    c45e1e4e7e37ed16640d32b46a62d1382a389b40cf8f9f3393538f55230c1a9e36ccbd2b5a52bf468e0b5a9d09b721538b3cdf07ec34a23e334e250c0b2a4dcc

Score
10/10
ramnitbankerevasionpersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      at180dll_itmop.com/IT???.url

    • Size

      332B

    • MD5

      5fd0d7045ed3f025aae5bf2c84579936

    • SHA1

      07a4f1b62b2d3570fe1bf6b3fd555aa9710cf029

    • SHA256

      759fcc17e29ef279be3a30af2051f2aa2ed1823fe953497eafdbceb3c2605339

    • SHA512

      1b26d23bea296ce074aab4b6fa83c60757d94cc304c6f83d4439f388821a7b6bef527a468bdb0ec98bdc7833eb0996892e5f74e752761e2a6a8a3a100c6dbb2c

    Score
    6/10
    evasiontrojanpersistence
    behavioral1behavioral2

    • Target

      at180dll_itmop.com/IT???_????.url

    • Size

      392B

    • MD5

      2c76b971ac9d6834deb20afe958c3094

    • SHA1

      85784473713fe2b371a9042e23b730660d2197b6

    • SHA256

      1579dcda6f1bc3d32f494c24482fcb222262f616575925cdd1fb4204216489cc

    • SHA512

      707b665b1b31fa3369c12c0187ff4a198a51cbaccd0ec546b8df775516239b1afebaff9bd81cd8f503d8375cacb7ac5e2cbf180db3e0f532f7187308d1bab362

    Score
    6/10
    evasiontrojanpersistence
    behavioral3behavioral4

    • Target

      at180dll_itmop.com/atl80.dll

    • Size

      151KB

    • MD5

      5d4a4abc9e75b1982bd9d0826436e7b7

    • SHA1

      7ecd11a34f83638b982fd16231da47108c6dffb6

    • SHA256

      7535b5e21a73e27910f621b959b4f2f788278c17ca0bcf097a601527e59ada09

    • SHA512

      ce9db340d8c4fe08e0bad5a3a7c0330e695e99ec242d68f6a87a8aac76972201ac6e5723f253c6755288474a64ce906f0c727ccdce063dc718489cb6f45dae9f

    Score
    10/10
    ramnitbankerspywarestealertrojanupxworm

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

5
T1112

Credential Access

Discovery

System Information Discovery

6
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks