Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

53259b37c3a8c0491cf484b4fc86116052937b2bbec39d9673e46b7f7ca701db
Size

122KB
Sample

230130-ahc15saf24
MD5

239ae44b1addd26c7a19e1abe92d9000
SHA1

b322da76f51ec9ce0c806ac0e43a9475e92e29ff
SHA256

53259b37c3a8c0491cf484b4fc86116052937b2bbec39d9673e46b7f7ca701db
SHA512

7bb6917aff1c4cef02b991d6c8b9c825c720f43c6d1872e51cb896f185b55368ade37f64448059456e58389db00ca9b2a27be4e649957dfa9258aa94f1a37ff0
SSDEEP

3072:8huoIU9PWr3pEnmGVk8jwaaHw7Koj4rDkISg2z:88jU9PWOOx7E

Score

10^/10

ramnit banker evasion persistence spyware stealer trojan worm

Malware Config

Targets

- Target
  
  53259b37c3a8c0491cf484b4fc86116052937b2bbec39d9673e46b7f7ca701db
- Size
  
  122KB
- MD5
  
  239ae44b1addd26c7a19e1abe92d9000
- SHA1
  
  b322da76f51ec9ce0c806ac0e43a9475e92e29ff
- SHA256
  
  53259b37c3a8c0491cf484b4fc86116052937b2bbec39d9673e46b7f7ca701db
- SHA512
  
  7bb6917aff1c4cef02b991d6c8b9c825c720f43c6d1872e51cb896f185b55368ade37f64448059456e58389db00ca9b2a27be4e649957dfa9258aa94f1a37ff0
- SSDEEP
  
  3072:8huoIU9PWr3pEnmGVk8jwaaHw7Koj4rDkISg2z:88jU9PWOOx7E
Score

10^/10

ramnit banker evasion persistence spyware stealer trojan worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Bypass User Account Control

Tasks

static1

behavioral1

ramnitbankerevasionpersistencespywarestealertrojanworm

behavioral2