Overview

overview

10

Static

static

3

d1b7baa41e...79.exe

windows7-x64

10

d1b7baa41e...79.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d1b7baa41ea09e6b0d467a7d5a52be072932e1b92f9ef534683248f046271d79

  • Size

    120KB

  • Sample

    240422-d5aq3seh99

  • MD5

    4b91e3bfef20a3c34263f0eb2ee36924

  • SHA1

    346a6cedd5edc14375876488332d1487611c6850

  • SHA256

    d1b7baa41ea09e6b0d467a7d5a52be072932e1b92f9ef534683248f046271d79

  • SHA512

    7c00c27b6204cea53007b4e84846a6ab8ba09d62cdee66f46d39354148eaa072a89d4726ed8b3b15de3a492d449f8f4babeeff7eb9b166d87d84e8659c603034

  • SSDEEP

    768:gQxkwifBsIqHpcrkMEYEhA7P4RhAtmaZFb79U9MKAjBEig6/1k21m3uHRdMNDj2Y:g8kwilTEhU4HDa1KkjWXUa21mc/Mue9

Score
10/10
ramnitbankerpersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      d1b7baa41ea09e6b0d467a7d5a52be072932e1b92f9ef534683248f046271d79

    • Size

      120KB

    • MD5

      4b91e3bfef20a3c34263f0eb2ee36924

    • SHA1

      346a6cedd5edc14375876488332d1487611c6850

    • SHA256

      d1b7baa41ea09e6b0d467a7d5a52be072932e1b92f9ef534683248f046271d79

    • SHA512

      7c00c27b6204cea53007b4e84846a6ab8ba09d62cdee66f46d39354148eaa072a89d4726ed8b3b15de3a492d449f8f4babeeff7eb9b166d87d84e8659c603034

    • SSDEEP

      768:gQxkwifBsIqHpcrkMEYEhA7P4RhAtmaZFb79U9MKAjBEig6/1k21m3uHRdMNDj2Y:g8kwilTEhU4HDa1KkjWXUa21mc/Mue9

    Score
    10/10
    ramnitbankerpersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks