General

  • Target

    c563363c86020a2fc67831116c25551e

  • Size

    712KB

  • Sample

    240313-j1cb1aac67

  • MD5

    c563363c86020a2fc67831116c25551e

  • SHA1

    ef1103e5453892e018351a8095ccf49bbe2adb01

  • SHA256

    253c6ab78606752af810c94fdef1dcfcf89d38fc075c4110da2d107d7f9b9de6

  • SHA512

    d00b49d3d8fe3ed708007b16b8a7dd35a70f47fc59f8872cb059cbfe1357bb638961d10092a9d3669852bc86fcce050f9c60a472dce281178c1314df4196e55c

  • SSDEEP

    12288:SXx/MNJYJtoa/S3fS9hVFeKx/osTCC/pAIuceT:I1MNJIW3EeKmC/pAIuceT

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandbox environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks