Overview

overview

10

Static

static

3

caabfa7e68...6a.exe

windows7-x64

10

caabfa7e68...6a.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    caabfa7e68320180684ae01e8876b16a

  • Size

    166KB

  • Sample

    240315-gvd8ashf7y

  • MD5

    caabfa7e68320180684ae01e8876b16a

  • SHA1

    0e76f3e0bb9e810bb182d5f290d409eeb85f193e

  • SHA256

    cb5ddafe26c70a36393e4ab00856139339372b3e39d0040404b2029872e1bbb5

  • SHA512

    cd8dd63b13ad9de79f4e1dd81806eaeef47c3faca0e6148f4fe4a41f5e501d94d504bc7a1b52fd1c458dc3f84ea3db2bd4c12a3bca27469251849e6618f9313a

  • SSDEEP

    3072:SdKFOoL16AKjtBhepmb/uDkSygOW7ApA5Br:eKF/LAvjde6/uQSwQAO5Br

Score
10/10
ramnitbankerpersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      caabfa7e68320180684ae01e8876b16a

    • Size

      166KB

    • MD5

      caabfa7e68320180684ae01e8876b16a

    • SHA1

      0e76f3e0bb9e810bb182d5f290d409eeb85f193e

    • SHA256

      cb5ddafe26c70a36393e4ab00856139339372b3e39d0040404b2029872e1bbb5

    • SHA512

      cd8dd63b13ad9de79f4e1dd81806eaeef47c3faca0e6148f4fe4a41f5e501d94d504bc7a1b52fd1c458dc3f84ea3db2bd4c12a3bca27469251849e6618f9313a

    • SSDEEP

      3072:SdKFOoL16AKjtBhepmb/uDkSygOW7ApA5Br:eKF/LAvjde6/uQSwQAO5Br

    Score
    10/10
    ramnitbankerpersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks