Overview

overview

10

Static

static

3

4f3f92c76a...95.dll

windows7-x64

10

4f3f92c76a...95.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4f3f92c76a390bb91672096c646ba448860edc8973ce9ef550dfbf6108dc3a95

  • Size

    608KB

  • Sample

    240422-1qv5ssgh6s

  • MD5

    cdb6566d6f87909ca27a2dba7b7b046f

  • SHA1

    346e4d24ed8b7c88f3cf7e88587a943d2f59334c

  • SHA256

    4f3f92c76a390bb91672096c646ba448860edc8973ce9ef550dfbf6108dc3a95

  • SHA512

    177d195b546036ce25f804a9d80ea0e244c29a281c91f7abc91e61dd64758896d932fcb87b51373c95c144d5d9280c3a0c4370a95f746f5521197dd2f8672786

  • SSDEEP

    12288:IhpUrEIZJqr1AkBWwNa5R0EYl795/amaX3QXaPKUSK+QCV7:I/jG01NHXaPpCV7

Score
10/10
ramnitbankerpersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      4f3f92c76a390bb91672096c646ba448860edc8973ce9ef550dfbf6108dc3a95

    • Size

      608KB

    • MD5

      cdb6566d6f87909ca27a2dba7b7b046f

    • SHA1

      346e4d24ed8b7c88f3cf7e88587a943d2f59334c

    • SHA256

      4f3f92c76a390bb91672096c646ba448860edc8973ce9ef550dfbf6108dc3a95

    • SHA512

      177d195b546036ce25f804a9d80ea0e244c29a281c91f7abc91e61dd64758896d932fcb87b51373c95c144d5d9280c3a0c4370a95f746f5521197dd2f8672786

    • SSDEEP

      12288:IhpUrEIZJqr1AkBWwNa5R0EYl795/amaX3QXaPKUSK+QCV7:I/jG01NHXaPpCV7

    Score
    10/10
    ramnitbankerpersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks