General

  • Target

    cbacd8eb56f45cab8548de46ce35d2f4

  • Size

    98KB

  • Sample

    240315-r2zspadb39

  • MD5

    cbacd8eb56f45cab8548de46ce35d2f4

  • SHA1

    8bcbb9c671f5938c645b1c8454792eb328f168a9

  • SHA256

    929115b7ebac20c141b5f80a14eef9336651b6e563d3626f56a31e12ef1a3965

  • SHA512

    bca3cba36a75ebdf1d098bba4517c80b5411054788b3f67b23812900d1454647f8db965d0d4aba7996964fb79c4bba63524f7df2e6357445f1a45609dd4d770a

  • SSDEEP

    3072:I9ndFWQypZsYLAkL6dRU9KIs9WG7Dk8jwaaHw7Koj4rDNMI:UnqpakAU6dRUFsCS

Targets

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS information is often read to detect sandbox environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application