Overview

overview

10

Static

static

3642317423...c3.dll

windows7-x64

10

3642317423...c3.dll

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    364231742307efcb76be1517af06965e713c62004dd0b296d1a9ad496513f2c3

  • Size

    524KB

  • Sample

    221205-qyr31aed43

  • MD5

    b31f6d75738bf1fadf10dc79dcac55e0

  • SHA1

    9bae0c010ea58c252490e9a97b5b7d053076c720

  • SHA256

    364231742307efcb76be1517af06965e713c62004dd0b296d1a9ad496513f2c3

  • SHA512

    19e5cbcffbf14dabf04c6694f6a2e858315e058b497487996a8ee8cb6f706902c459d01a09101e3505b817deb65fbe7256418d0d57558748ce0bc34947a3f544

  • SSDEEP

    12288:mhpUrEIZJqr1AkBWwNa5R0EYl795/amaX3QXaPKU5Y4cn:m/jG01NHXaPO

Score
10/10
ramnitbankerpersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      364231742307efcb76be1517af06965e713c62004dd0b296d1a9ad496513f2c3

    • Size

      524KB

    • MD5

      b31f6d75738bf1fadf10dc79dcac55e0

    • SHA1

      9bae0c010ea58c252490e9a97b5b7d053076c720

    • SHA256

      364231742307efcb76be1517af06965e713c62004dd0b296d1a9ad496513f2c3

    • SHA512

      19e5cbcffbf14dabf04c6694f6a2e858315e058b497487996a8ee8cb6f706902c459d01a09101e3505b817deb65fbe7256418d0d57558748ce0bc34947a3f544

    • SSDEEP

      12288:mhpUrEIZJqr1AkBWwNa5R0EYl795/amaX3QXaPKU5Y4cn:m/jG01NHXaPO

    Score
    10/10
    ramnitbankerpersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks