Overview

overview

10

Static

static

30a6ca067d...ed.dll

windows7-x64

10

30a6ca067d...ed.dll

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    30a6ca067df975818a69eb475901f7a2501e1a0883442ae01352a490d4cc8bed

  • Size

    307KB

  • Sample

    221205-qnvq5sgh41

  • MD5

    e2fb1ac20c598e5a8f3bc3ee20a36492

  • SHA1

    f9b2e09ffbcd6f5736276c5417901b865c61fb74

  • SHA256

    30a6ca067df975818a69eb475901f7a2501e1a0883442ae01352a490d4cc8bed

  • SHA512

    43da98b3a2ead7ef5e5da8ff9eea0b0c923628a5fb51a7395efeb4963557b76568547248fab7bd8c5dbf7e2acb68b7a7027d569836f52afb897d90d3af3bfcb5

  • SSDEEP

    6144:ZxWfO7cf3bZUa3BrVLwBkFO0G1NQZe7TCRsa8gz8DrEnKgUueqonfkBCFcNa:+v3bZZRrCPGKanz8DrEnKgjonfkBicM

Score
10/10
ramnitbankerevasionpersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      30a6ca067df975818a69eb475901f7a2501e1a0883442ae01352a490d4cc8bed

    • Size

      307KB

    • MD5

      e2fb1ac20c598e5a8f3bc3ee20a36492

    • SHA1

      f9b2e09ffbcd6f5736276c5417901b865c61fb74

    • SHA256

      30a6ca067df975818a69eb475901f7a2501e1a0883442ae01352a490d4cc8bed

    • SHA512

      43da98b3a2ead7ef5e5da8ff9eea0b0c923628a5fb51a7395efeb4963557b76568547248fab7bd8c5dbf7e2acb68b7a7027d569836f52afb897d90d3af3bfcb5

    • SSDEEP

      6144:ZxWfO7cf3bZUa3BrVLwBkFO0G1NQZe7TCRsa8gz8DrEnKgUueqonfkBCFcNa:+v3bZZRrCPGKanz8DrEnKgjonfkBicM

    Score
    10/10
    ramnitbankerevasionpersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Modifies firewall policy service

      evasion

    • Modifies security service

      evasion

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks