General
-
Target
a38ba9a3c5a800474ad854f25022860b9360b22989ead59d1445010d2e0343d8
-
Size
112KB
-
Sample
230129-n7e4paff7t
-
MD5
fa0c8f0988953dacb6cf4d5b33404f1c
-
SHA1
4310539111f8dd173808190b8257387d046b8fbb
-
SHA256
a38ba9a3c5a800474ad854f25022860b9360b22989ead59d1445010d2e0343d8
-
SHA512
6a6e7b85afd906f9e6f6f0094b6f89262bb0a1b729843ca63013a95e10388a984e03e8569f858512d287dd24afd96f1f4872e9ded9a4a6862641a34bce6d404a
-
SSDEEP
3072:1BbLXIiMqIe2KqOrx4J2vNbGfvGnd3gW5ZM4/uXv9cS:1dXIqHp/NdndPZMTXv9
Malware Config
Targets
-
-
Target
a38ba9a3c5a800474ad854f25022860b9360b22989ead59d1445010d2e0343d8
-
Size
112KB
-
MD5
fa0c8f0988953dacb6cf4d5b33404f1c
-
SHA1
4310539111f8dd173808190b8257387d046b8fbb
-
SHA256
a38ba9a3c5a800474ad854f25022860b9360b22989ead59d1445010d2e0343d8
-
SHA512
6a6e7b85afd906f9e6f6f0094b6f89262bb0a1b729843ca63013a95e10388a984e03e8569f858512d287dd24afd96f1f4872e9ded9a4a6862641a34bce6d404a
-
SSDEEP
3072:1BbLXIiMqIe2KqOrx4J2vNbGfvGnd3gW5ZM4/uXv9cS:1dXIqHp/NdndPZMTXv9
Score10/10-
Modifies WinLogon for persistence
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
UAC bypass
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-