General

  • Target

    def9869341fcf9b7d2db5eaec231f848

  • Size

    113KB

  • Sample

    240326-mtwzlsgd34

  • MD5

    def9869341fcf9b7d2db5eaec231f848

  • SHA1

    5f3d789293c98f84b810e6a63b1ae8c54777178f

  • SHA256

    17e7806689a925bdad2e50ef4aab104697d6338ab0d79a0a519f3f5679110654

  • SHA512

    f61a583515d05c168cadfe2b230e3595807f92cb6197b391213872011e758c1b557db4d9910cee0fe382625862dba6945ce18b27c4adb36a1e1ee3b3b8c07f6c

  • SSDEEP

    3072:39y2beY8m+1GYPHMiqqOIx4J2vNbGfvGnd3gW5ZM4/ue/1:3hX8mKGmHKGNdndPZMTe/1

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks