Overview

overview

10

Static

static

ca53766dd0...c4.dll

windows7-x64

10

ca53766dd0...c4.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ca53766dd065aa758fef3431cce4a983b8a7cc334d94a26c49fdbfb95462e6c4

  • Size

    476KB

  • Sample

    221205-qqnqlsha81

  • MD5

    5c60bf0ee0e32352dfa296e7e5adf012

  • SHA1

    505c15cffb2243eb8209e5524f7691f24fd5afd8

  • SHA256

    ca53766dd065aa758fef3431cce4a983b8a7cc334d94a26c49fdbfb95462e6c4

  • SHA512

    485eacd18b80dac3b8b491239a90d7a8dfd411680c47e02bdf749cdc96afc1f848c5e3a492e39496883eeb83cf12667760f76a09222a4c832ba68d634920cc19

  • SSDEEP

    12288:c3ZlSTSCgUXqyGS8x/Fu0zLWO612HxEj/E+:cpkTSCgtyiRzaXqi8+

Score
10/10
ramnitbankerpersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      ca53766dd065aa758fef3431cce4a983b8a7cc334d94a26c49fdbfb95462e6c4

    • Size

      476KB

    • MD5

      5c60bf0ee0e32352dfa296e7e5adf012

    • SHA1

      505c15cffb2243eb8209e5524f7691f24fd5afd8

    • SHA256

      ca53766dd065aa758fef3431cce4a983b8a7cc334d94a26c49fdbfb95462e6c4

    • SHA512

      485eacd18b80dac3b8b491239a90d7a8dfd411680c47e02bdf749cdc96afc1f848c5e3a492e39496883eeb83cf12667760f76a09222a4c832ba68d634920cc19

    • SSDEEP

      12288:c3ZlSTSCgUXqyGS8x/Fu0zLWO612HxEj/E+:cpkTSCgtyiRzaXqi8+

    Score
    10/10
    ramnitbankerpersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks