Overview

overview

10

Static

static

virussign.dll

windows7_x64

10

virussign.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    virussign.com_4fc335703cfb06c1c8e82b3faa80f8d0

  • Size

    844KB

  • Sample

    220713-rgprzsehem

  • MD5

    4fc335703cfb06c1c8e82b3faa80f8d0

  • SHA1

    07d6349c60aabca12c95d4417413881d2d2d72d9

  • SHA256

    81b64a354103b21b8d7f2bebb62923b5c2bc4f7f9cba5197fc24b5d869c032be

  • SHA512

    aca6e1720963628d3e24d2867b003d2b7dd64f4d8da2c9b029c5779544503b6e3a1ba632a1b60f041e9084b85414294ba226256aebabf3d5579cda4d2599ce08

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Targets

    • Target

      virussign.com_4fc335703cfb06c1c8e82b3faa80f8d0

    • Size

      844KB

    • MD5

      4fc335703cfb06c1c8e82b3faa80f8d0

    • SHA1

      07d6349c60aabca12c95d4417413881d2d2d72d9

    • SHA256

      81b64a354103b21b8d7f2bebb62923b5c2bc4f7f9cba5197fc24b5d869c032be

    • SHA512

      aca6e1720963628d3e24d2867b003d2b7dd64f4d8da2c9b029c5779544503b6e3a1ba632a1b60f041e9084b85414294ba226256aebabf3d5579cda4d2599ce08

    Score
    10/10
    ramnitbankerspywarestealertrojanupxworm

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks