Overview

overview

10

Static

static

8

ARP...վ.url

windows7-x64

1

ARP...վ.url

windows10-2004-x64

1

սʬ...ON.dll

windows7-x64

10

սʬ...ON.dll

windows10-2004-x64

10

սʬ....exe

windows7-x64

8

սʬ....exe

windows10-2004-x64

8

....url

windows7-x64

1

....url

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7643d72e19fdaeb359c5ab51417357040e2044cec1e8ac03245cb22d2261be01

  • Size

    1.2MB

  • Sample

    221127-ycql2shb6v

  • MD5

    a0882b42ec099e8b77a0bb39741bcff5

  • SHA1

    caf8e2ad62b90ce830b0ce63638699e2b236b863

  • SHA256

    7643d72e19fdaeb359c5ab51417357040e2044cec1e8ac03245cb22d2261be01

  • SHA512

    33419c6c167ae76a367afef14d165d9fdfd3fa4ea777bc8a689720a4694a2af8ebcb11c1dbbc596bbf20dd8935bf9dd13a8d6bb206a365bd89cb867f51a96cb1

  • SSDEEP

    24576:gN11tlntuzpt1uwz//Jc9VuwxUtyPdUhx0gGhGKMUHOcDZK6TcHG:YrAt1PLJK0gGhxShZRHOcD3Td

Score
10/10
ramnitbankerbootkitpersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      ARP_ɫվ.url

    • Size

      296B

    • MD5

      e9a649a6ef7d0ca04461abf899cb3d57

    • SHA1

      751d27922f8eb48ac675fdeb0964e4ecd6b97e71

    • SHA256

      b06c3f2b947d9abf0dfe4a7324911dc0179013138a85b313858aa263bf517af7

    • SHA512

      b89f37164ed1d0200af944384f951b525c194f1fb01a2f79d02c3af33f82d71349db3a9b71b0a9f9835c3bf5b90a92f689d09499e0f6a5445dbae7dc337224da

    Score
    1/10
    behavioral1behavioral2

    • Target

      սʬͻ/FSMON.DLL

    • Size

      808KB

    • MD5

      a64b6bd81946099304da6f3be9610a50

    • SHA1

      98daddca2610e275f3beddd56f29973c3605debc

    • SHA256

      e0695337213c971ffd19328928cf1b701e2cd89f6bba3235f1330a7057872058

    • SHA512

      e291265dd126753cae479045b8830ca31d57d14adb5a682fa4bb5c704b27109298eed5528a3d845e0635da00120fa9554173bfc2f00c1fd5f2b3f057346ea7d8

    • SSDEEP

      24576:1NxD6TO4LhtzHcfMqEbn+kZC9AQfCcKBdzIb3cz24:74TXLLHcbe+USo0bsz24

    Score
    10/10
    ramnitbankerspywarestealertrojanupxworm

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral3behavioral4

    • Target

      սʬͻ/սʬͻ.exe

    • Size

      769KB

    • MD5

      8354feb38f8f6db5d3ae96570a80cd99

    • SHA1

      9689fa9595d3753c266f54ab4ae3bfa6c6c949ac

    • SHA256

      06d5d50419daa4dca974cf52b5ca051664ec9ab4800f45e8b3185b2acdb5bccb

    • SHA512

      2f37fb0df19141f2faa0e23692530139706e83d928b7fdc67924ee970c9d58eb9a7fbbd192f36ab93ab1e9f1215f3ad547bdfa9092ae907541a53e2611b0bb5d

    • SSDEEP

      12288:qEToiSxW7e7RJlM9KX5qce1F5RgOsguxrd6Iu93w9up+IRXURelNZi+uesixqxOP:q3b0itXMKWRD1uqv3ywYeluAAOzNjoW

    Score
    8/10
    bootkitpersistenceupx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral5behavioral6

    • Target

      .url

    • Size

      367B

    • MD5

      d8c4663d9392fa75e61b9a3423e1dc85

    • SHA1

      7d2b2a269349c77acb30a43b5369dedfd9959f69

    • SHA256

      c53b912ff65191bca2caf13bb527a95593b275f057c39cbdc4bb2505225a2bf5

    • SHA512

      fcb6accf4bce2ab6f4ac3ac521562ef8568443f4ea7aa2a9a6911c91ac39d1c15b9fa7499feb76774cb7445d7d7d10a7fc42e02a8a279b9883c1b83a45de208b

    Score
    1/10
    behavioral7behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks