General

  • Target

    cad425eb10b9d9520854c1f22550709a

  • Size

    136KB

  • Sample

    240315-h9rydach77

  • MD5

    cad425eb10b9d9520854c1f22550709a

  • SHA1

    5ecbab858b060e0d64f5ffe6bea5ba87b51c5f74

  • SHA256

    4435b6404d212b96560b25c7977997a34236a162e4118e0eed78af29c2741790

  • SHA512

    a16fad874711d48dcd873dba6ee0d83fa66e0004d3d23a4dfbca1b4cbe94dc8689a604d36003d70171dd6e69ba81add2cc05042fef91b2aae411b8ad98ca9dbe

  • SSDEEP

    3072:F37H+QuE6+qXR7oR/SRNQjrm9+n6bkyjCwoU12:JH+QuELqQ6EjK94ByWwoU1

Targets

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
