Overview

overview

10

Static

static

bb189de24f...d6.dll

windows7-x64

10

bb189de24f...d6.dll

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    bb189de24f845a18883a98de4498534428fedd32d78a6c2b0ee37b9c1a275ad6

  • Size

    191KB

  • Sample

    221127-c272qsgf7v

  • MD5

    a78ad226c51caad289b51f7df9c65549

  • SHA1

    f9c4bfb6f0a9db0f7c5b576ee2e776221bc7fd7d

  • SHA256

    bb189de24f845a18883a98de4498534428fedd32d78a6c2b0ee37b9c1a275ad6

  • SHA512

    92a6d3c229f2e4bae7a31121482b68b29bd26c8eccaf2c723003fdf73543dc9a9e166af70886313faf8f94f2a28e84b9fab4fc1d06130571b0f3ea9d413cd224

  • SSDEEP

    3072:POBOLWXivHYMzv2HvP5YeBTEEP2831Vr/rF8QOSta7Wej6dCJrdMldCM07:POp8HpzdQOStKzrdp17

Score
10/10
ramnitbankerpersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      bb189de24f845a18883a98de4498534428fedd32d78a6c2b0ee37b9c1a275ad6

    • Size

      191KB

    • MD5

      a78ad226c51caad289b51f7df9c65549

    • SHA1

      f9c4bfb6f0a9db0f7c5b576ee2e776221bc7fd7d

    • SHA256

      bb189de24f845a18883a98de4498534428fedd32d78a6c2b0ee37b9c1a275ad6

    • SHA512

      92a6d3c229f2e4bae7a31121482b68b29bd26c8eccaf2c723003fdf73543dc9a9e166af70886313faf8f94f2a28e84b9fab4fc1d06130571b0f3ea9d413cd224

    • SSDEEP

      3072:POBOLWXivHYMzv2HvP5YeBTEEP2831Vr/rF8QOSta7Wej6dCJrdMldCM07:POp8HpzdQOStKzrdp17

    Score
    10/10
    ramnitbankerpersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks