General

  • Target

    x3286.exe

  • Size

    254KB

  • Sample

    240331-nyagvabd98

  • MD5

    86a572f9bf5d11823949589df043337b

  • SHA1

    68f1205d742b773b0bdbd1636b19a369780214ac

  • SHA256

    5283470c1787f63b15a96fad7c9db4c576ece919435b62d16a3dbc45800bd3e4

  • SHA512

    b01fcc8c5046c221dd48ced2f46bead4649d53abefdb73104fe1228d3f2955f66d8ed250b84647863ec78902d44ec5132b8dbfae03d7ed8241b71a06e68379c4

  • SSDEEP

    6144:/jpS6JH5mhakjxEWi4cVTNoHq9rO2QF2nb3FdkSH:/TqQVWirRAEi27Tr/H

Malware Config

Targets

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks