General

  • Target

    NEAS.1a03065d33eb97a56e6f59c883c35e60_JC.exe

  • Size

    235KB

  • Sample

    231014-q3phnsgg68

  • MD5

    1a03065d33eb97a56e6f59c883c35e60

  • SHA1

    b29dad06dcf5adec1eff06ab5058469bed186017

  • SHA256

    97b639b58ef4186d74f0e8c79665f0dd650e8f7bfb824fd281311894c16229c3

  • SHA512

    18611efeb7fcd5c4ab5f76440fc93d5c6f31c3ec1b660a5017b722b4bd8012cec5a3517d9ab2b9198b7b0216ec4cf45c1991b45c3f52d6d19b889d9dc86bfb60

  • SSDEEP

    6144:6v8LGyH7uG/NV2Hm+8Nj7J1hH1RhC+R5F:6v8Krb8NjF5R5F

Malware Config

Targets

    • Target

      NEAS.1a03065d33eb97a56e6f59c883c35e60_JC.exe

    • Size

      235KB

    • MD5

      1a03065d33eb97a56e6f59c883c35e60

    • SHA1

      b29dad06dcf5adec1eff06ab5058469bed186017

    • SHA256

      97b639b58ef4186d74f0e8c79665f0dd650e8f7bfb824fd281311894c16229c3

    • SHA512

      18611efeb7fcd5c4ab5f76440fc93d5c6f31c3ec1b660a5017b722b4bd8012cec5a3517d9ab2b9198b7b0216ec4cf45c1991b45c3f52d6d19b889d9dc86bfb60

    • SSDEEP

      6144:6v8LGyH7uG/NV2Hm+8Nj7J1hH1RhC+R5F:6v8Krb8NjF5R5F

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks