General

  • Target

    cc3a20fcdcd733058a699c9a8ee4be60

  • Size

    103KB

  • Sample

    240315-x4vjmsah93

  • MD5

    cc3a20fcdcd733058a699c9a8ee4be60

  • SHA1

    eb3b8509c3591494b005b136649203be2ad36622

  • SHA256

    3b3199dab5ef0dabc7d71f392e7af0008e54775f19a0453dcf9e6941539b9347

  • SHA512

    f5ed87f3d216b5ad3f61ef787e30a5c45e08a6e945afccbf00c6667c1faf1f04b4b7bb1f71272a37da7c82de05d77ba500076b2622c83232de7fc91acbf253e3

  • SSDEEP

    3072:lQ5faGko6CFrbJKARb0WQ9FSE1Fk8jwaaHw7Koj4rgdB:61afCF3IO0WmFRb

Targets

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
