General

  • Target

    2024-03-12_d259af6e74e4c55e0b8eaaa7cdff9a7d_hacktools_icedid_ramnit

  • Size

    6.8MB

  • Sample

    240312-mtaflsgh99

  • MD5

    d259af6e74e4c55e0b8eaaa7cdff9a7d

  • SHA1

    88d6348142c38e052930a2bfce848c724ca43dd8

  • SHA256

    c2eb0cae917bf69908a3036fe204d6c51ff14ed1008a5c28bb24aec29e1c883c

  • SHA512

    3cd73eaf0b54a592dda8da0208be078711a04fb7e26f60916d3494ffd316cf7f6d2dcce4d4c81ecd98c0831e9f4e04d873608b44dc919b2d664f5c13f4f8c7b5

  • SSDEEP

    98304:vFBAKYJcvyjxnrAxPVpWP1bjVdcoaaMhnsmtk2a+2SVMD8a73TaMBLsvD/D+don4:sUe1vVbM9LXk73TJY7/A1Yc

Malware Config

Targets

    • Modifies firewall policy service

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • Ramnit family

    • Detects Windows executables referencing non-Windows User-Agents

    • UPX dump on OEP (original entry point)

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with the ACProtect software protector.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks