General
-
Target
300a9dcd1521f08f0516a1578d3c5ec72e8c25501b300a886b9b2ff74107d9a3
-
Size
132KB
-
Sample
221202-2xpr2ace43
-
MD5
80dcee8c8858c5e1123692425da2e962
-
SHA1
02d2a9adcd60de8e8c4905f54377934f03c0bf59
-
SHA256
300a9dcd1521f08f0516a1578d3c5ec72e8c25501b300a886b9b2ff74107d9a3
-
SHA512
47ed7952dd09803f6df071b77e94e5fcaad60bc033ec7454656344d9b0e35250606da41a171c1c6f6ac9ad6f412e460869f642b11cbb524d98513a512d0ad1d7
-
SSDEEP
1536:gfxdLVZgZVOjClgHpwNmFmwYps0nd4d5AgjE/887CXnPufK7RP7:EbnWwYpRndtPgPufI7
Malware Config
Targets
-
-
Target
300a9dcd1521f08f0516a1578d3c5ec72e8c25501b300a886b9b2ff74107d9a3
-
Size
132KB
-
MD5
80dcee8c8858c5e1123692425da2e962
-
SHA1
02d2a9adcd60de8e8c4905f54377934f03c0bf59
-
SHA256
300a9dcd1521f08f0516a1578d3c5ec72e8c25501b300a886b9b2ff74107d9a3
-
SHA512
47ed7952dd09803f6df071b77e94e5fcaad60bc033ec7454656344d9b0e35250606da41a171c1c6f6ac9ad6f412e460869f642b11cbb524d98513a512d0ad1d7
-
SSDEEP
1536:gfxdLVZgZVOjClgHpwNmFmwYps0nd4d5AgjE/887CXnPufK7RP7:EbnWwYpRndtPgPufI7
Score10/10-
Modifies WinLogon for persistence
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
UAC bypass
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-