Overview

overview

10

Static

static

c9fe980315...64.exe

windows7-x64

10

c9fe980315...64.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    c9fe980315b4a6173172f63828e9d1f087e5fcdab309ea10f326505a3081ea64

  • Size

    199KB

  • Sample

    221203-pbw8rscg2v

  • MD5

    9fdb5c00a6f5c82c474754b78ce83884

  • SHA1

    2ae7697ba6d3d99fd308314ebe31d5fbefa696ad

  • SHA256

    c9fe980315b4a6173172f63828e9d1f087e5fcdab309ea10f326505a3081ea64

  • SHA512

    d7efd6cecd97196830b7678fd852fa640fc81ef4d5e6c1d8f3a8b25db60f9ea722009a0d4ca9550c67288599ee73e4aaa7ebdffadcafc302bd003ab007ee257b

  • SSDEEP

    3072:9Lv1uEf8uBwhGhDdXsrhmnc2l2EchnYeybWWeheZf3Hi+sCSTGl:19uEEThWXsrhTddnYeDbyw1

Score
10/10
ramnitbankerpersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      c9fe980315b4a6173172f63828e9d1f087e5fcdab309ea10f326505a3081ea64

    • Size

      199KB

    • MD5

      9fdb5c00a6f5c82c474754b78ce83884

    • SHA1

      2ae7697ba6d3d99fd308314ebe31d5fbefa696ad

    • SHA256

      c9fe980315b4a6173172f63828e9d1f087e5fcdab309ea10f326505a3081ea64

    • SHA512

      d7efd6cecd97196830b7678fd852fa640fc81ef4d5e6c1d8f3a8b25db60f9ea722009a0d4ca9550c67288599ee73e4aaa7ebdffadcafc302bd003ab007ee257b

    • SSDEEP

      3072:9Lv1uEf8uBwhGhDdXsrhmnc2l2EchnYeybWWeheZf3Hi+sCSTGl:19uEEThWXsrhTddnYeDbyw1

    Score
    10/10
    ramnitbankerpersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks