General

  • Target

    e160849be9bf20380e6acd89558e3f2e

  • Size

    100KB

  • Sample

    240327-lsjr8acf4w

  • MD5

    e160849be9bf20380e6acd89558e3f2e

  • SHA1

    4cc3b14803d8f24c34f644d5cc00164f365ddc6d

  • SHA256

    fb1082bc53e550f9a7dcd9eb0e47bc5014329eabe50511101777e0f7c90897e9

  • SHA512

    5055255543cd1408602de64abc49c65fb9f9cca49709bfd3c4e06b3c2689c841cf1f95675d22e4ee49c9d4b2ca5f32295674653a68edf1824cf959fd50e4f3c5

  • SSDEEP

    3072:4jHS/geOEKohaKQiWkGVk8jwaaHw7Koj4rDMRJc:O1oPQRIQ

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15