Overview

overview

10

Static

static

8

c8b846efff...be.exe

windows7-x64

10

c8b846efff...be.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c8b846efff2b4e197a98be1a4dc35117725ee905c0f5b7e22c87183ce67f6dbe

  • Size

    829KB

  • Sample

    221124-lgy3rsha6y

  • MD5

    e0a867c1368e0a0f7cee9f9304826945

  • SHA1

    f179c0b49d3d3705d99697702ac5383ba018f30a

  • SHA256

    c8b846efff2b4e197a98be1a4dc35117725ee905c0f5b7e22c87183ce67f6dbe

  • SHA512

    ebee0a2f4ad1ee3b042befeb6f5351293fe7c376c2686c7ba0e2de9f5411532f20d0e9886c2254389b5cb51a1dcd75da56d1f61d78bbfe02239ec91fcb5c780e

  • SSDEEP

    24576:Un+GIgqdJeXo7joesIeXE2zp8jvJUKGU99o:7OqdMXcTslE2zpSqKGUv

Score
10/10
ramnitbankerbootkitpersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      c8b846efff2b4e197a98be1a4dc35117725ee905c0f5b7e22c87183ce67f6dbe

    • Size

      829KB

    • MD5

      e0a867c1368e0a0f7cee9f9304826945

    • SHA1

      f179c0b49d3d3705d99697702ac5383ba018f30a

    • SHA256

      c8b846efff2b4e197a98be1a4dc35117725ee905c0f5b7e22c87183ce67f6dbe

    • SHA512

      ebee0a2f4ad1ee3b042befeb6f5351293fe7c376c2686c7ba0e2de9f5411532f20d0e9886c2254389b5cb51a1dcd75da56d1f61d78bbfe02239ec91fcb5c780e

    • SSDEEP

      24576:Un+GIgqdJeXo7joesIeXE2zp8jvJUKGU99o:7OqdMXcTslE2zpSqKGUv

    Score
    10/10
    ramnitbankerspywarestealertrojanupxwormbootkitpersistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks