Overview

overview

10

Static

static

FTPSet.exe

windows7_x64

10

FTPSet.exe

windows10-2004_x64

10

FtpSrv.exe

windows7_x64

10

FtpSrv.exe

windows10-2004_x64

10

QB903D.exe

windows7_x64

1

QB903D.exe

windows10-2004_x64

1

ecgdb.exe

windows7_x64

1

ecgdb.exe

windows10-2004_x64

1

ecgpaint.exe

windows7_x64

10

ecgpaint.exe

windows10-2004_x64

10

imgctl.dll

windows7_x64

10

imgctl.dll

windows10-2004_x64

10

sysdef.dll

windows7_x64

10

sysdef.dll

windows10-2004_x64

10

tcpip.exe

windows7_x64

10

tcpip.exe

windows10-2004_x64

10

Resubmissions

16-06-2022 11:45

220616-nwzzqahca6 10

16-06-2022 02:20

220616-cswmcafehr 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1.zip

  • Size

    1.2MB

  • Sample

    220616-cswmcafehr

  • MD5

    3c56a7bf04bad7f85cf469e35c305358

  • SHA1

    21b4fa76aa403646f0dd79c70322299d695787ae

  • SHA256

    c641a8d24354b0ed3cf3d21c21e8c6f58d969a667985f829edebbadcf84f32ec

  • SHA512

    f03940882e949e19736de4652514fcf61c9865556e7a7f9bbbdf620db39c531fb2c2e6a92f6445a816e356c4dbaec3394f1e584420d25f4c9f6bda3acbc6c2a2

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Targets

    • Target

      FTPSet.exe

    • Size

      272KB

    • MD5

      cd92ea901263b421bc4a45eae91b9272

    • SHA1

      f5cecd22c4648121b356d3c0c991129479f00726

    • SHA256

      5704a43364e711e80ab09c935b2075fef4c6e54738df7f7bed0f4289386405f4

    • SHA512

      43e777d0b57b77062c8bfa1e0daa1626707b71854cd57fb2bcca4a09053b64491d1ec5e4fab80b0514af6f1daac58610d439e35d32bb71dd0806b378506b1528

    Score
    10/10
    ramnitbankerspywarestealertrojanupxworm

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      FtpSrv.exe

    • Size

      124KB

    • MD5

      3d32a10d3505697451519ed9578e349c

    • SHA1

      c02e2cf2c18da681c0556b3d9259400864c85cee

    • SHA256

      31972345438e370070d128c0564e5f1d2008a23edbf94549246597ced5755340

    • SHA512

      7e1466d9f200163b50a1d7c5efa9bb7e12289f2535603c49d5e78c834858b4522b76f68494f3904d02bd8862a30f8ae49224a8c376076953f5f1362fa5e931e2

    Score
    10/10
    ramnitbankerspywarestealertrojanupxworm

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    behavioral3behavioral4

    • Target

      QB903D.exe

    • Size

      490KB

    • MD5

      1aeaeebe597f1e5d23ec778db8c943b1

    • SHA1

      5cec975541cd77f49a39ed280d3df5ccfc506a04

    • SHA256

      fd5b86f95bbc56522ae5720454358dab015edf02253945f6ec84b923fbad5697

    • SHA512

      4672d7e3901ebbe45b3c8207ebbb16055b88ba72fb0f959a9311c434ad4e2dab4493f003d597ebd3e44d0173a140047d1c7d3511965fdb0e98ba323b4df31b89

    Score
    1/10
    behavioral5behavioral6

    • Target

      ecgdb.exe

    • Size

      252KB

    • MD5

      055214d1cc50f611b599cbd8debbf077

    • SHA1

      7332eb0aadea8dc467cf5325c078fad30da00f48

    • SHA256

      c33ad9c778ca78fb5c56a525c9e65a6ae9d730a09f2df6d1d87d9a398bf7b01b

    • SHA512

      f39ee92e564513f865ef144239ae43a935451dd8452f6f553d60ff106ecae3dbb942b111c33da2b20632cdcf9acc548d1261fe054a734d0ae2e629ffdf3d1065

    Score
    1/10
    behavioral7behavioral8

    • Target

      ecgpaint.exe

    • Size

      656KB

    • MD5

      7056f2f0f8555fed8cf99ec522d892aa

    • SHA1

      a8bdca81025349245aecaf561d2c373ef5c0fd78

    • SHA256

      9b621534e64ac9bdb30596c43633185a75593a2b400f32c184b4da607d121e2f

    • SHA512

      a7921d4f02c0f03204424af46f95924fbd4a2cca627ff7bf48487807356d342b93d0a9071e6ccf1205686b8ebaf9767122c4c8c3216bf711b4d0a5130578ad96

    Score
    10/10
    ramnitbankerspywarestealertrojanupxworm

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    behavioral9behavioral10

    • Target

      imgctl.dll

    • Size

      420KB

    • MD5

      42e7b4b831b5da9650eb251234943a60

    • SHA1

      11f297aa779a02b1c0a8977b7ef7eef7bbbe2f89

    • SHA256

      dc209d9d68ce96de6e6dbaf453e33ee8dec73b654c3c0eb27f03cbcf80d27b03

    • SHA512

      395f1752527d26e3afe756dd16abc1f5d5be56b275671acadbd1753e5f1d46495aabc217a54640741fac6b8565638db2d0185284a33c46c12b226dc7124a6a76

    Score
    10/10
    ramnitbankerspywarestealertrojanupxworm

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral11behavioral12

    • Target

      sysdef.dll

    • Size

      128KB

    • MD5

      c73b69a05926ba4500d677be162e2d2e

    • SHA1

      18da0621d6f6f3df5eaff883d91d6091608fb411

    • SHA256

      c7fc84587d69caed369dc5e5826f244b8df9d4bad18a8417e318f7a771974d72

    • SHA512

      640c51709e8c2bf008acf40909ad982dc1bb346882021dde60f06050ff65e736e4ea52b0a8bd378fc08d30606bf133ee393855c1e3050291b23f0a1f688f1df9

    Score
    10/10
    ramnitbankerspywarestealertrojanupxworm

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral13behavioral14

    • Target

      tcpip.exe

    • Size

      132KB

    • MD5

      1d0dd320d806faba3ef111d7866dcc95

    • SHA1

      c2346a33783b38fffc3f3aca0c4eba9b315570f7

    • SHA256

      9455b76b37e7a2a7f7ef3ec76f69acd40511b0ddde3af3cf746311a5e2498b15

    • SHA512

      da50030b30cce8f0b3dae0ac4cb105d91d1f3b466780d9fe466479441d9945280d9bec2fee52ede6cdeb802be460072fc63dbe645eb0cc1739d35a8e3f923b17

    Score
    10/10
    ramnitbankerspywarestealertrojanupxworm

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    behavioral15behavioral16

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

6
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

Score
N/A

behavioral1

ramnitbankerspywarestealertrojanupxworm
Score
10/10

behavioral2

ramnitbankerspywarestealertrojanupxworm
Score
10/10

behavioral3

ramnitbankerspywarestealertrojanupxworm
Score
10/10

behavioral4

ramnitbankerspywarestealertrojanupxworm
Score
10/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

ramnitbankerspywarestealertrojanupxworm
Score
10/10

behavioral10

ramnitbankerspywarestealertrojanupxworm
Score
10/10

behavioral11

ramnitbankerspywarestealertrojanupxworm
Score
10/10

behavioral12

ramnitbankerspywarestealertrojanupxworm
Score
10/10

behavioral13

ramnitbankerspywarestealertrojanupxworm
Score
10/10

behavioral14

ramnitbankerspywarestealertrojanupxworm
Score
10/10

behavioral15

ramnitbankerspywarestealertrojanupxworm
Score
10/10

behavioral16

ramnitbankerspywarestealertrojanupxworm
Score
10/10