Overview

overview

10

Static

static

3

ffbe830db6...93.dll

windows7-x64

10

ffbe830db6...93.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ffbe830db63d9aa6c99439513bc7415ddcc5fd4a74aa3089cb11a533c6f1a393

  • Size

    157KB

  • Sample

    240526-fyqvtsgc61

  • MD5

    65c33f336e53a2b8e132bd4121224a84

  • SHA1

    7cc8cd99f20923e5c2126596019a67cecbd7ce2a

  • SHA256

    ffbe830db63d9aa6c99439513bc7415ddcc5fd4a74aa3089cb11a533c6f1a393

  • SHA512

    c56133e3839f0f1f4c45b0852be648107d47e8bf11b3fb29efc0181ab6ec813e4247066155105edec1a65f3ea7e1e21b595fd2e534e4f82ceeeb79d8f3ffa591

  • SSDEEP

    3072:IMr6N9WfdNAbxBU69VyZhDsHYZ3rDINcQR0n6ecZdGU1QLaLNmYqhPzxm1C:IMqWfdNANO6yEYZ7DVQgsQLPzo1C

Score
10/10
ramnitbankerpersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      ffbe830db63d9aa6c99439513bc7415ddcc5fd4a74aa3089cb11a533c6f1a393

    • Size

      157KB

    • MD5

      65c33f336e53a2b8e132bd4121224a84

    • SHA1

      7cc8cd99f20923e5c2126596019a67cecbd7ce2a

    • SHA256

      ffbe830db63d9aa6c99439513bc7415ddcc5fd4a74aa3089cb11a533c6f1a393

    • SHA512

      c56133e3839f0f1f4c45b0852be648107d47e8bf11b3fb29efc0181ab6ec813e4247066155105edec1a65f3ea7e1e21b595fd2e534e4f82ceeeb79d8f3ffa591

    • SSDEEP

      3072:IMr6N9WfdNAbxBU69VyZhDsHYZ3rDINcQR0n6ecZdGU1QLaLNmYqhPzxm1C:IMqWfdNANO6yEYZ7DVQgsQLPzo1C

    Score
    10/10
    ramnitbankerpersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks