Overview

overview

10

Static

static

yymshdsdsd...Fx.dll

windows7-x64

1

yymshdsdsd...Fx.dll

windows10-2004-x64

1

yymshdsdsd...er.dll

windows7-x64

10

yymshdsdsd...er.dll

windows10-2004-x64

10

yymshdsdsd...??.exe

windows7-x64

10

yymshdsdsd...??.exe

windows10-2004-x64

10

yymshdsdsd...jd.dll

windows7-x64

10

yymshdsdsd...jd.dll

windows10-2004-x64

10

yymshdsdsd...sa.dll

windows7-x64

1

yymshdsdsd...sa.dll

windows10-2004-x64

1

yymshdsdsd...dc.dll

windows7-x64

1

yymshdsdsd...dc.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    510aa84775e90c5a93c79d9e7439716b56300e23c4aa8e5fbd22564418bb71db

  • Size

    12.8MB

  • Sample

    220718-wx5klacfc7

  • MD5

    6c78fb773a2fc9e5d1cee16b71ea3d6e

  • SHA1

    61e104b0bdbb3e7ab35a3bc645aa948bcc628aa3

  • SHA256

    510aa84775e90c5a93c79d9e7439716b56300e23c4aa8e5fbd22564418bb71db

  • SHA512

    dd020a74d4e0ebc7231049c51c494272e36e2674cf4d147a988f0c8b70fb44395e374ff3d0da5b56bbe88e576254dc6b03be1eccc02259e1f4b1fa98afc0b87e

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Targets

    • Target

      yymshdsdsdrj_gr/FluorineFx.dll

    • Size

      956KB

    • MD5

      0d38ac67497e4ea389f27527702a21fb

    • SHA1

      b1ecb07bb4c9bf9486784004be21c8b4eabaf66e

    • SHA256

      71f1aa7d4481dc13c7e6ad222544d7d08f3c22e3222a89cb55b01eb1decd1a37

    • SHA512

      5cfc2ec679846c5bdeb39284e7b1bd3a9076855ecc734aef63f4fb86b222b994a9e794e24305009b2afb097ff78c06191a12811c16d2bb02096a415fefd8d22d

    Score
    1/10
    behavioral1behavioral2

    • Target

      yymshdsdsdrj_gr/Net7Cracker.dll

    • Size

      672KB

    • MD5

      c7fd405c5670c64ace4ec8083c72a6c2

    • SHA1

      461ae731048c49f9b23c00f41a760a55c1d93468

    • SHA256

      6c426cc675d38fb863f8b756bcd20dd6ff16e09bb4d5eebe328b10e08f1aeb82

    • SHA512

      8c9eac6c1b1f7a347e86714aec3d23e6c4706962196770a1f088648e97fb24258b4b368355ca60757fd2083bffa8f5c9e2a922da89dac1c2477af36248c3273e

    Score
    10/10
    ramnitbankerspywarestealertrojanupxworm

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral3behavioral4

    • Target

      yymshdsdsdrj_gr/YY???????.exe

    • Size

      9.7MB

    • MD5

      6647a0caa20a9d457ae70b4c6bab01b4

    • SHA1

      13c43500fdbc60412b564f38eab047ab8a2dd544

    • SHA256

      26bd4b545a1433ca69139d0e5362199d4feeece93146f4f4922d35a4feda833d

    • SHA512

      2850d155b481783a9b18167a758a1baec5d773f2ce160045d1bc9d04d748efe5d9f7940a5a6b608f6317f49e0fbc3bcfa8adb60697b29da5335e700790aa10f4

    Score
    10/10
    ramnitbankerspywarestealertrojanupxworm

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    behavioral5behavioral6

    • Target

      yymshdsdsdrj_gr/pljd.dll

    • Size

      3.2MB

    • MD5

      bcdb5cecfbc0beda561dbeb150eb08df

    • SHA1

      2714308e995db1a5ba77696b321b8fb72650e5e3

    • SHA256

      7c17f25b8621980b6a84856578923fc1f4a37ff42eb7e8626308dc49ad7d6d03

    • SHA512

      a630f4fa700d4057b680c335d0ab33fea518284cd076c085b33506c9f712b24f0deadf15e393c249f05efde244edddb6a1a36a99cedc4342de5d628b2da7b43d

    Score
    10/10
    ramnitbankerspywarestealertrojanupxworm

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral7behavioral8

    • Target

      yymshdsdsdrj_gr/rsa.dll

    • Size

      51B

    • MD5

      501e01b74547143c291069ba16117850

    • SHA1

      627491a0a97e2d65739efdc236ba5645d1ee3a80

    • SHA256

      f0b481d895658eda5070fd9876e4ceca0426002c6581f79e494745d72d8dcbd4

    • SHA512

      625326475c444eac403fb57e8a770f32170790a429809f8fbfa5e6629afc29ae60b3d1ceef650dd32b630d55527e62dc5da3fdd679433afc6f59896b5220c88b

    Score
    1/10
    behavioral9behavioral10

    • Target

      yymshdsdsdrj_gr/udc.dll

    • Size

      354KB

    • MD5

      fca87fc8bdd5ca97edcfed1dfc45e2b5

    • SHA1

      728cf2f8f4290fabfa33c124119d36fe7720e945

    • SHA256

      d2623391a3df7085c1268a7ce2f9554b86bdae3b1387c37f080b40c8f979efd9

    • SHA512

      97dd6457866b5b76051378454013abab6dc467b8afccd7735432c4df412e7b1df524611d1db1b5480b636563d1ea8f02a9fb7121392fb20838d92b87cbee37fb

    Score
    3/10
    behavioral11behavioral12

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks