General
-
Target
87a42043bc478cec68bf5f181efa3de0e597ceb0c2a68e4b626d1e53e3f29b1d
-
Size
130KB
-
Sample
230129-3fdtwaae91
-
MD5
22d8fb0fde2ec77b0a3da0a7588bfa40
-
SHA1
e76802220d01891479b64bf709fd0c2d3ec266bb
-
SHA256
87a42043bc478cec68bf5f181efa3de0e597ceb0c2a68e4b626d1e53e3f29b1d
-
SHA512
1304e549ebafd89163db4e4728dab986cd100de6cf1f26e98ef6e681d2fb995c1607a58ff27a097675e8979247d0ad2a2d98a24b795f6e3a930d8188a0e4f6b4
-
SSDEEP
3072:NYaENCs1tDKROWgPJblycavQARvZeURunoswmKK:NYaMCSqOWgP/av6U1U
Malware Config
Targets
-
-
Target
87a42043bc478cec68bf5f181efa3de0e597ceb0c2a68e4b626d1e53e3f29b1d
-
Size
130KB
-
MD5
22d8fb0fde2ec77b0a3da0a7588bfa40
-
SHA1
e76802220d01891479b64bf709fd0c2d3ec266bb
-
SHA256
87a42043bc478cec68bf5f181efa3de0e597ceb0c2a68e4b626d1e53e3f29b1d
-
SHA512
1304e549ebafd89163db4e4728dab986cd100de6cf1f26e98ef6e681d2fb995c1607a58ff27a097675e8979247d0ad2a2d98a24b795f6e3a930d8188a0e4f6b4
-
SSDEEP
3072:NYaENCs1tDKROWgPJblycavQARvZeURunoswmKK:NYaMCSqOWgP/av6U1U
Score10/10-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
UAC bypass
-
Windows security bypass
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-