Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

9124e6062db2c318517de2d45158e3f7e580e20884d80ee03625861f830f94fa
Size

121KB
Sample

230129-2wkrpagc39
MD5

2299a2d6f8d62723d3d76cac0bc2c01b
SHA1

a2c396aa7d073b50ddc96a9996eef8f47cb9b04b
SHA256

9124e6062db2c318517de2d45158e3f7e580e20884d80ee03625861f830f94fa
SHA512

2bc19355cc23cfa3c43e629d39742a8ceb75bec402202cbaaea78e39f452da250296628c0f35ff043047458275eaaca4f9b04768754f4ce475d92b4c32521a95
SSDEEP

1536:N8kwilTEhU4HDa1KkjWXUa21mc/Mue9VR:dhlohUEK9ekp6

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Malware Config

Targets

- Target
  
  9124e6062db2c318517de2d45158e3f7e580e20884d80ee03625861f830f94fa
- Size
  
  121KB
- MD5
  
  2299a2d6f8d62723d3d76cac0bc2c01b
- SHA1
  
  a2c396aa7d073b50ddc96a9996eef8f47cb9b04b
- SHA256
  
  9124e6062db2c318517de2d45158e3f7e580e20884d80ee03625861f830f94fa
- SHA512
  
  2bc19355cc23cfa3c43e629d39742a8ceb75bec402202cbaaea78e39f452da250296628c0f35ff043047458275eaaca4f9b04768754f4ce475d92b4c32521a95
- SSDEEP
  
  1536:N8kwilTEhU4HDa1KkjWXUa21mc/Mue9VR:dhlohUEK9ekp6
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Winlogon Helper DLL

Privilege Escalation

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm