General

  • Target

    c10ba6650125d86815fb245144516f2286eeba942a34b69581156092033e3f65

  • Size

    272KB

  • Sample

    221123-vg7jksha65

  • MD5

    15d184d15a7a777fe23b2f73a9c97a2c

  • SHA1

    aae7d3db6cb0d071050e422849ebc0fbb66f2930

  • SHA256

    c10ba6650125d86815fb245144516f2286eeba942a34b69581156092033e3f65

  • SHA512

    bb19995b26cc78b4ec5904f96c2348e28dcb01a7e073def2b800a0c5c43ebb87ea3f26b0343d482d89b4ee90d814d178f9c0e206d060207ad52405d9aac0425d

  • SSDEEP

    3072:V4vR1RkTcZ7fcxdl5CTxlGuo7EI4Mvu/JQtmLYPrLjoxCvC1uHxMFsk3p/g+wFaG:VolGAMsur/GpF/iYsbjA5o

Malware Config

Targets

    • Target

      c10ba6650125d86815fb245144516f2286eeba942a34b69581156092033e3f65

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile family that includes file-infecting viruses, worms, and Trojans. It is known for infecting executables and HTML files, spreading via removable drives, and, in later versions, stealing banking credentials.

    • UAC bypass

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information (typically the SystemBiosVersion and VideoBiosVersion values under HKLM\HARDWARE\DESCRIPTION\System) is often read to detect virtual machines and sandboxes, whose BIOS strings commonly name the hypervisor.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
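
The persistence and UAC-related behaviours listed above are the kind of thing a detection engineer maps back to the registry values the sample wrote. The following is an added example, not code from the report or from the sandbox that produced it: it classifies registry value-set events (constructed here in a Sysmon Event ID 13 style; the field names, the monitored key patterns and the Windows default Winlogon values are assumptions of this example) into the ATT&CK v6 technique IDs used on this page, so that a Winlogon Userinit/Shell change, a Run key entry and EnableLUA being zeroed can be spotted in telemetry.

```python
import re

# Constructed registry value-set events (Sysmon Event ID 13 style). The paths and
# values are illustrative and are NOT taken from the report above.
SAMPLE_EVENTS = [
    {"TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "Details": r"C:\Windows\system32\userinit.exe,C:\Users\user\AppData\Local\svchost.exe"},
    {"TargetObject": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Local\svchost.exe"},
    {"TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA",
     "Details": "DWORD (0x00000000)"},
    # Benign: Userinit rewritten with only the Windows default entry.
    {"TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "Details": r"C:\Windows\system32\userinit.exe,"},
    # Benign: unrelated application setting.
    {"TargetObject": r"HKCU\SOFTWARE\Microsoft\Office\16.0\Word\Options",
     "Details": "DWORD (0x00000001)"},
]

# Monitored locations (assumed for this example). Technique IDs follow the
# ATT&CK v6 numbering used in the report's matrix.
WINLOGON_RE = re.compile(r"\\Winlogon\\(Userinit|Shell|Notify\\[^\\]+\\DllName)$", re.I)
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I)
ENABLELUA_RE = re.compile(r"\\Policies\\System\\EnableLUA$", re.I)

# Default contents of the Winlogon values on a clean Windows install (assumption).
WINLOGON_DEFAULTS = {
    "userinit": {r"c:\windows\system32\userinit.exe"},
    "shell": {"explorer.exe"},
}


def winlogon_extra_entries(value_name, details):
    """Return the comma-separated entries in Userinit/Shell that are not Windows defaults."""
    defaults = WINLOGON_DEFAULTS[value_name.lower()]
    entries = [e.strip().lower() for e in details.split(",") if e.strip()]
    return [e for e in entries if e not in defaults]


def dword_value(details):
    """Parse 'DWORD (0x....)' style details; None if no hex value is present."""
    m = re.search(r"0x([0-9a-fA-F]+)", details)
    return int(m.group(1), 16) if m else None


def classify_event(target, details):
    """Map one registry value-set event to a set of ATT&CK v6 technique IDs."""
    techniques = set()
    m = WINLOGON_RE.search(target)
    if m:
        name = m.group(1)
        if name.lower() in WINLOGON_DEFAULTS:
            # Only flag Userinit/Shell when something beyond the default was appended.
            if winlogon_extra_entries(name, details):
                techniques.add("T1004")   # Winlogon Helper DLL
        else:
            techniques.add("T1004")       # Any Notify DLL registration is suspicious.
    if RUN_KEY_RE.search(target):
        techniques.add("T1060")           # Registry Run Keys / Startup Folder
    if ENABLELUA_RE.search(target) and dword_value(details) == 0:
        techniques.add("T1088")           # Bypass User Account Control
    if techniques:
        techniques.add("T1112")           # Modify Registry accompanies each hit.
    return techniques


def technique_counts(events):
    """Aggregate per-technique hit counts over a list of events, like the report's matrix."""
    counts = {}
    for ev in events:
        for t in classify_event(ev["TargetObject"], ev["Details"]):
            counts[t] = counts.get(t, 0) + 1
    return counts


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        hits = classify_event(ev["TargetObject"], ev["Details"])
        print(f"{sorted(hits) or '-'}  {ev['TargetObject']}")
    print(technique_counts(SAMPLE_EVENTS))
```

The Userinit check compares against the default value rather than alerting on every write, because installers and system components legitimately rewrite that value; the appended path is what matters. The same idea extends to the Notify and Shell values, and the counts function reproduces the per-technique tallies shown in the matrix below from raw events.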

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                            Count  ID
  Persistence           Winlogon Helper DLL                  1      T1004
  Persistence           Registry Run Keys / Startup Folder   1      T1060
  Privilege Escalation  Bypass User Account Control          1      T1088
  Defense Evasion       Modify Registry                      3      T1112
  Defense Evasion       Bypass User Account Control          1      T1088
  Defense Evasion       Disabling Security Tools             1      T1089
  Discovery             Query Registry                       1      T1012
  Discovery             System Information Discovery         2      T1082

Tasks