Overview

overview

10

Static

static

e9c8d9b4f4...4e.dll

windows7-x64

10

e9c8d9b4f4...4e.dll

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    e9c8d9b4f457ec13cae760743f1ffdc3b3536afdd684f0654111360f1655034e

  • Size

    164KB

  • Sample

    221204-b735asbc3x

  • MD5

    a64533c99725bd1cc97366505cf9a0b0

  • SHA1

    2dfe060847ea269e7bb6d64cc6215a335199e444

  • SHA256

    e9c8d9b4f457ec13cae760743f1ffdc3b3536afdd684f0654111360f1655034e

  • SHA512

    35ef67c5f418cbcee3db86278c90d23f2021c08266a6df6c9da96f9f55c621c3bc3895c1d9bad82c4c0dd5ac99876dcbb379b963f29fc0c923617c6753824356

  • SSDEEP

    3072:an4cV8gf2u41Z5tKlhpjDoT5zByq57bUIw:g4y8gOl2doT715/UI

Score
10/10
ramnitbankerpersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      e9c8d9b4f457ec13cae760743f1ffdc3b3536afdd684f0654111360f1655034e

    • Size

      164KB

    • MD5

      a64533c99725bd1cc97366505cf9a0b0

    • SHA1

      2dfe060847ea269e7bb6d64cc6215a335199e444

    • SHA256

      e9c8d9b4f457ec13cae760743f1ffdc3b3536afdd684f0654111360f1655034e

    • SHA512

      35ef67c5f418cbcee3db86278c90d23f2021c08266a6df6c9da96f9f55c621c3bc3895c1d9bad82c4c0dd5ac99876dcbb379b963f29fc0c923617c6753824356

    • SSDEEP

      3072:an4cV8gf2u41Z5tKlhpjDoT5zByq57bUIw:g4y8gOl2doT715/UI

    Score
    10/10
    ramnitbankerpersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks