General
Target: ababa65b110ae74af74bfd4a9089f1ad8cd4b6837479a2c7003ef983ac293720
Size: 722KB
Sample: 221123-thm1wshb8s
MD5: 1a215650cb80822806662b810a828934
SHA1: 351b0cf0fee6c325e23c7905a60b93d976dab254
SHA256: ababa65b110ae74af74bfd4a9089f1ad8cd4b6837479a2c7003ef983ac293720
SHA512: e30392841335dcc90b283edee0f6fe1f45b936ea48753374593ccda9d32aed64c5cfd4dc9d2e6896432d9eef3d8af60afc9eb23f1e75b4e0c3d2e974a316af0d
SSDEEP: 6144:PBaZA6AM5tm1BS4i4jARHKhyFxQZZxbDGABUs4r110glX1Wt10grAdRgK0EQ:PcA6SbVi42BFx8dDlMB1fe1nAdmn
Static task: static1
Behavioral task: behavioral1
Sample: ababa65b110ae74af74bfd4a9089f1ad8cd4b6837479a2c7003ef983ac293720.exe
Resource: win7-20220901-en
Malware Config
Targets
Target: ababa65b110ae74af74bfd4a9089f1ad8cd4b6837479a2c7003ef983ac293720
- Modifies WinLogon for persistence
- Adds policy Run key to start application
- Disables RegEdit via registry modification
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory