General
-
Target
c07973e7b00ef06147cfdc3fe2bfc49a
-
Size
98KB
-
Sample
240311-njt8pshc46
-
MD5
c07973e7b00ef06147cfdc3fe2bfc49a
-
SHA1
9eec67cc93ff4be0e2be9bdaaf400dc9f045afa2
-
SHA256
fd413f6171d383ca0bdf513aa0b79c8315c1e3784b7a61487976f71890b087cc
-
SHA512
cead10db676a31c5792c63ff50cc270346b673e8cc29ab29aab54c674e388f194016b17c4e039f81f2930321eb3f66184ed02aeb3b14e7024c7576d6d0c30153
-
SSDEEP
3072:OFykBd/sbm+l8+PpU+q06mnGGik8jwaaHw7Koj4rD8Vm5:Opz/lyU+qrCoU
Malware Config
Targets
-
-
Target
c07973e7b00ef06147cfdc3fe2bfc49a
-
Size
98KB
-
MD5
c07973e7b00ef06147cfdc3fe2bfc49a
-
SHA1
9eec67cc93ff4be0e2be9bdaaf400dc9f045afa2
-
SHA256
fd413f6171d383ca0bdf513aa0b79c8315c1e3784b7a61487976f71890b087cc
-
SHA512
cead10db676a31c5792c63ff50cc270346b673e8cc29ab29aab54c674e388f194016b17c4e039f81f2930321eb3f66184ed02aeb3b14e7024c7576d6d0c30153
-
SSDEEP
3072:OFykBd/sbm+l8+PpU+q06mnGGik8jwaaHw7Koj4rD8Vm5:Opz/lyU+qrCoU
Score10/10-
Modifies WinLogon for persistence
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
UAC bypass
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1