Overview

overview

10

Static

static

559a0c77c7...59.exe

windows7-x64

10

559a0c77c7...59.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    559a0c77c733d6206a2f3b3f4748a10182634b207f5ad1b30fa66bdb3d025059

  • Size

    1.2MB

  • Sample

    221028-y15e4sdgg2

  • MD5

    0b0abebcf52608a0a662c17f3bd316d0

  • SHA1

    107c457ae440d137e5735244871f8e8f3998e6e1

  • SHA256

    559a0c77c733d6206a2f3b3f4748a10182634b207f5ad1b30fa66bdb3d025059

  • SHA512

    0f96fbbf4b502f7e5dfb187091a070d0acca5c182ef741210eaf3dbd9e24388fbeb0f9be0e80270eb8fdb71f48d23137771b6ef95d1f3ebf20d640f5ec13b7db

  • SSDEEP

    24576:EdsuNOCN8loXWfgLYeuQaTjCdsyYPDsseHtHwKlK7MMMMMMRxAyTSiU:nuY28SUgLYosT1MMMMMMhTSd

Score
10/10
ramnitbankerpersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      559a0c77c733d6206a2f3b3f4748a10182634b207f5ad1b30fa66bdb3d025059

    • Size

      1.2MB

    • MD5

      0b0abebcf52608a0a662c17f3bd316d0

    • SHA1

      107c457ae440d137e5735244871f8e8f3998e6e1

    • SHA256

      559a0c77c733d6206a2f3b3f4748a10182634b207f5ad1b30fa66bdb3d025059

    • SHA512

      0f96fbbf4b502f7e5dfb187091a070d0acca5c182ef741210eaf3dbd9e24388fbeb0f9be0e80270eb8fdb71f48d23137771b6ef95d1f3ebf20d640f5ec13b7db

    • SSDEEP

      24576:EdsuNOCN8loXWfgLYeuQaTjCdsyYPDsseHtHwKlK7MMMMMMRxAyTSiU:nuY28SUgLYosT1MMMMMMhTSd

    Score
    10/10
    ramnitbankerpersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Modifies system executable filetype association

      persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks