Overview

overview

10

Static

static

8

սʬ...on.dll

windows7-x64

10

սʬ...on.dll

windows10-2004-x64

10

սʬ...�2.exe

windows7-x64

8

սʬ...�2.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    30660994246b21c88a43359815f1d9ea972228ed56660b5e6f3215cab62fb926

  • Size

    1.2MB

  • Sample

    221124-gc1zcafd2w

  • MD5

    ec4802baf64a05b4e6ced21032037ac0

  • SHA1

    79919bd7a6cc52429f994da3154aa313c972caa0

  • SHA256

    30660994246b21c88a43359815f1d9ea972228ed56660b5e6f3215cab62fb926

  • SHA512

    447ad1f7bf577a81bc8cad948461746a8e14e62973ce82e226c66e9a4fc7dafc750e1ada4332ee822de0ca61f5410de19464ec88c340e1af4419ae86e2d59e52

  • SSDEEP

    24576:Y4lghckpHVaDXCPKGIFwDjPrZ3Q8z/B2ns4uyzC58yIe4HQg1K8:YiwpHVazCPKfKDVzB2ns4qChQgL

Score
10/10
ramnitbankerbootkitpersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      սʬͻV1108/NZSGFZ V1031/fsMon.dll

    • Size

      808KB

    • MD5

      a64b6bd81946099304da6f3be9610a50

    • SHA1

      98daddca2610e275f3beddd56f29973c3605debc

    • SHA256

      e0695337213c971ffd19328928cf1b701e2cd89f6bba3235f1330a7057872058

    • SHA512

      e291265dd126753cae479045b8830ca31d57d14adb5a682fa4bb5c704b27109298eed5528a3d845e0635da00120fa9554173bfc2f00c1fd5f2b3f057346ea7d8

    • SSDEEP

      24576:1NxD6TO4LhtzHcfMqEbn+kZC9AQfCcKBdzIb3cz24:74TXLLHcbe+USo0bsz24

    Score
    10/10
    ramnitbankerspywarestealertrojanupxworm

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

    • Target

      սʬͻV1108/NZSGFZ V1031/սʬͻ2.exe

    • Size

      769KB

    • MD5

      8354feb38f8f6db5d3ae96570a80cd99

    • SHA1

      9689fa9595d3753c266f54ab4ae3bfa6c6c949ac

    • SHA256

      06d5d50419daa4dca974cf52b5ca051664ec9ab4800f45e8b3185b2acdb5bccb

    • SHA512

      2f37fb0df19141f2faa0e23692530139706e83d928b7fdc67924ee970c9d58eb9a7fbbd192f36ab93ab1e9f1215f3ad547bdfa9092ae907541a53e2611b0bb5d

    • SSDEEP

      12288:qEToiSxW7e7RJlM9KX5qce1F5RgOsguxrd6Iu93w9up+IRXURelNZi+uesixqxOP:q3b0itXMKWRD1uqv3ywYeluAAOzNjoW

    Score
    8/10
    bootkitpersistenceupx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks