Overview

overview

10

Static

static

9ad124b3ea...54.dll

windows7-x64

10

9ad124b3ea...54.dll

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    9ad124b3ead2db644353c85988383177b48c3cf9f426dc152704f4565c6e1c54

  • Size

    180KB

  • Sample

    221204-chhbzacb5z

  • MD5

    cb6f925a8831d5f82948abc6e15b8610

  • SHA1

    062718e926ef3de883db0ffad16255a78ff72d22

  • SHA256

    9ad124b3ead2db644353c85988383177b48c3cf9f426dc152704f4565c6e1c54

  • SHA512

    ee26f8f10f43f48c79a937bb6e19448f5112ddaa751618dc5e5825b46cb6dbf5d46d16faa3b3971e3c9258e0561179252669530e4b477a86a041441e98671516

  • SSDEEP

    3072:gn4cV8gf2u41Z5tKl3usvHsRg1AN9sBN2ECGhzRc4XjLiwvK:64y8gOl2dusvHsR+ANGDrPcYvK

Score
10/10
ramnitbankerpersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      9ad124b3ead2db644353c85988383177b48c3cf9f426dc152704f4565c6e1c54

    • Size

      180KB

    • MD5

      cb6f925a8831d5f82948abc6e15b8610

    • SHA1

      062718e926ef3de883db0ffad16255a78ff72d22

    • SHA256

      9ad124b3ead2db644353c85988383177b48c3cf9f426dc152704f4565c6e1c54

    • SHA512

      ee26f8f10f43f48c79a937bb6e19448f5112ddaa751618dc5e5825b46cb6dbf5d46d16faa3b3971e3c9258e0561179252669530e4b477a86a041441e98671516

    • SSDEEP

      3072:gn4cV8gf2u41Z5tKl3usvHsRg1AN9sBN2ECGhzRc4XjLiwvK:64y8gOl2dusvHsR+ANGDrPcYvK

    Score
    10/10
    ramnitbankerpersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks