Overview

overview

10

Static

static

3

c39a02d65e...d8.dll

windows7-x64

10

c39a02d65e...d8.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c39a02d65e046ab3f46ee1f2315e17b8bf3b748af294d68d0d1a7d8c2f3252d8

  • Size

    157KB

  • Sample

    240526-c622aaca6s

  • MD5

    5d5bed54a20709d639a8cccb47b87c47

  • SHA1

    e98c5f4d7139731abf1ec3ad305c991af6eebb15

  • SHA256

    c39a02d65e046ab3f46ee1f2315e17b8bf3b748af294d68d0d1a7d8c2f3252d8

  • SHA512

    7193a0ec1bfa0f6f1d72fd57a2be46cb6d2e14aacce1e45c6069bacb82ef5ed8d385acd63f48ff08179dacca6a6a8cd96cb1e67a2e4153dbaf6b059099dcccd6

  • SSDEEP

    3072:IMr6N9WfdNAbxBk69VyZhDsHYZ3rDINcQR0n6ecZdGU1QLaLNmYqhPzxm1p:IMqWfdNANG6yEYZ7DVQgsQLPzo1p

Score
10/10
ramnitbankerpersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      c39a02d65e046ab3f46ee1f2315e17b8bf3b748af294d68d0d1a7d8c2f3252d8

    • Size

      157KB

    • MD5

      5d5bed54a20709d639a8cccb47b87c47

    • SHA1

      e98c5f4d7139731abf1ec3ad305c991af6eebb15

    • SHA256

      c39a02d65e046ab3f46ee1f2315e17b8bf3b748af294d68d0d1a7d8c2f3252d8

    • SHA512

      7193a0ec1bfa0f6f1d72fd57a2be46cb6d2e14aacce1e45c6069bacb82ef5ed8d385acd63f48ff08179dacca6a6a8cd96cb1e67a2e4153dbaf6b059099dcccd6

    • SSDEEP

      3072:IMr6N9WfdNAbxBk69VyZhDsHYZ3rDINcQR0n6ecZdGU1QLaLNmYqhPzxm1p:IMqWfdNANG6yEYZ7DVQgsQLPzo1p

    Score
    10/10
    ramnitbankerpersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks