Overview

overview

10

Static

static

3

ceff35deb6...30.dll

windows7-x64

10

ceff35deb6...30.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ceff35deb6c1159e48b44a9bc30c6ffafeb3787824de4ea03415eeb8dd3a6a30

  • Size

    157KB

  • Sample

    240527-ddfg9adg41

  • MD5

    13512ca83401d4a94f6ca2fe8bc742ca

  • SHA1

    de6caf7d767d89dce94ce3f3f828742f55a82b6c

  • SHA256

    ceff35deb6c1159e48b44a9bc30c6ffafeb3787824de4ea03415eeb8dd3a6a30

  • SHA512

    adf6c380f633d6365c7eaf8cf32e41fb134175b5ca7c2b7b2b74cbccb7a4dae7c4b890ebed656165f536b6a0968a52743e740d8062aea311a37709bb92935d59

  • SSDEEP

    3072:IMr6N9WfdNAbxBU69VyZhDsHYZ3rDINcQR0n6ecZdGU1QLaLNmYqhPzxm1xO:IMqWfdNANO6yEYZ7DVQgsQLPzo1xO

Score
10/10
ramnitbankerpersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      ceff35deb6c1159e48b44a9bc30c6ffafeb3787824de4ea03415eeb8dd3a6a30

    • Size

      157KB

    • MD5

      13512ca83401d4a94f6ca2fe8bc742ca

    • SHA1

      de6caf7d767d89dce94ce3f3f828742f55a82b6c

    • SHA256

      ceff35deb6c1159e48b44a9bc30c6ffafeb3787824de4ea03415eeb8dd3a6a30

    • SHA512

      adf6c380f633d6365c7eaf8cf32e41fb134175b5ca7c2b7b2b74cbccb7a4dae7c4b890ebed656165f536b6a0968a52743e740d8062aea311a37709bb92935d59

    • SSDEEP

      3072:IMr6N9WfdNAbxBU69VyZhDsHYZ3rDINcQR0n6ecZdGU1QLaLNmYqhPzxm1xO:IMqWfdNANO6yEYZ7DVQgsQLPzo1xO

    Score
    10/10
    ramnitbankerpersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks