General

  • Target

    c33f2c146a073d96895475fd7c164d7c

  • Size

    98KB

  • Sample

    240312-nldnqshf52

  • MD5

    c33f2c146a073d96895475fd7c164d7c

  • SHA1

    4849aa0ecd3e55290feb93f2119209084f7bbb1e

  • SHA256

    73d48471b831a01e6747c6240041b7e8a75ccf5bcff9de8b05d1f4cebe63d98d

  • SHA512

    604233ac0a3787b57b43ddf384cdacc3e3f02b550dde59c5b4b76e6ca27efa30098646de610b684842d047f70b94edfd75dd412cad594925ca229e9018b8a38a

  • SSDEEP

    3072:qAE2a3kJhCGvmwquKkb2EG7Dk8jwaaHw7Koj4rDjvR:qYa03Guzjp
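The digests above are the report's indicators for this sample. The script below is added here as a worked example and is not part of the report: it hashes a file with all four listed algorithms in a single pass and returns a verdict, treating an MD5- or SHA-1-only hit as something to inspect rather than a match. The only values taken from the page are the four digests; the function names and verdict labels are this example's own choices.

```python
"""Offline IOC check: hash a file or byte string and compare it with the
hashes listed for this sample.  Added example, not part of the report."""
import hashlib
import io

# Copied from the report above (hex, lowercase).
SAMPLE_IOCS = {
    "md5": "c33f2c146a073d96895475fd7c164d7c",
    "sha1": "4849aa0ecd3e55290feb93f2119209084f7bbb1e",
    "sha256": "73d48471b831a01e6747c6240041b7e8a75ccf5bcff9de8b05d1f4cebe63d98d",
    "sha512": "604233ac0a3787b57b43ddf384cdacc3e3f02b550dde59c5b4b76e6ca27efa30"
              "098646de610b684842d047f70b94edfd75dd412cad594925ca229e9018b8a38a",
}


def hash_stream(fobj, chunk_size: int = 1 << 20) -> dict:
    """Digest a binary file object with all four algorithms in one pass,
    reading in chunks so large files are never loaded whole."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_IOCS}
    for chunk in iter(lambda: fobj.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> dict:
    return hash_stream(io.BytesIO(data))


def hash_file(path) -> dict:
    with open(path, "rb") as f:
        return hash_stream(f)


def match_iocs(digests: dict, iocs: dict = SAMPLE_IOCS) -> dict:
    """Per-algorithm comparison; case-insensitive because feeds differ in case."""
    return {name: digests.get(name, "").lower() == value.lower()
            for name, value in iocs.items()}


def verdict(digests: dict, iocs: dict = SAMPLE_IOCS) -> str:
    """'match'     : SHA-256 or SHA-512 agrees (collision-resistant, trust it)
    'weak-only' : only MD5 and/or SHA-1 agree, which means a collision or a
                  mistyped IOC entry; review by hand rather than auto-block
    'no-match'  : nothing agrees"""
    m = match_iocs(digests, iocs)
    if m.get("sha256") or m.get("sha512"):
        return "match"
    if m.get("md5") or m.get("sha1"):
        return "weak-only"
    return "no-match"


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, verdict(hash_file(path)))
```

The SSDEEP value is not checked here because the standard library has no fuzzy-hash implementation; the third-party `ssdeep` package offers `ssdeep.hash()` and `ssdeep.compare()` if a similarity score against the report's value is wanted.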

Targets

    • Modifies WinLogon for persistence

      Changes values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon (typically Shell or Userinit) so the dropped file is started at every logon.

    • Ramnit

      Ramnit is a long-running family that began as a file infector of EXE, DLL and HTML files and a worm spreading over removable drives, and later added banking-Trojan capabilities such as web injects and remote access.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS vendor and product strings under HKLM\HARDWARE\DESCRIPTION\System\BIOS (SystemManufacturer, SystemProductName) are commonly read to recognise virtual machines and sandboxes, whose values name the hypervisor vendor. A sample that detects one may exit or stay dormant, so a short run with little activity is not evidence that the file is benign.

    • Checks computer location settings

      Looks up the country code configured in the registry (HKCU\Control Panel\International\Geo\Nation), most likely to geofence execution to or away from particular countries; a sandbox whose locale differs from the intended victim's may see no further activity.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      Writes a value under Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM), a second logon-time persistence mechanism alongside the Winlogon change.

MITRE ATT&CK Enterprise v15