General
Target: c191595a7ab6af9541dadd4b6544c9b65a9e5fa76f49836d1f3fc28a50c0459f.exe
Size: 464KB
Sample: 240529-ppm71sfb24
MD5: 5ff1999425fe352ee7fe4d1eb995a2fe
SHA1: 2cb44adb130a1316010cee3e54dbbc432f40d807
SHA256: c191595a7ab6af9541dadd4b6544c9b65a9e5fa76f49836d1f3fc28a50c0459f
SHA512: 58bb4d99c717a52fe7cd516eb6a1db45428e666788742d452eae902a80391ccb8249f40bd05a2c2f79826d0c744859e8b2c85e0d4578867cf2ff5ab6acceb4f1
SSDEEP: 6144:5Sl3cEjScqKbDFrXNAvJ3BEXDhI0ifpxzxGqW7qcRa9Br7ierTrD9f5jxZ8YFYZH:QlsEGZK1SB30mRG9mcrefJ1bXCtsdu
Static task: static1
Behavioral task: behavioral1
Sample: c191595a7ab6af9541dadd4b6544c9b65a9e5fa76f49836d1f3fc28a50c0459f.exe
Resource: win7-20240508-en
Malware Config
Extracted
ramnit
9
C2: coolinrek.eu:443
campaign_timestamp: 1512372688 (2017-12-04 07:31:28 UTC)
compile_timestamp: 1507285437 (2017-10-06 10:23:57 UTC)
dga_seed: 2559241794
listen_port: 0
num_dga_domains: 100
Extracted
ramnit
9
C2: coolinrek.eu:443
campaign_timestamp: 1512372688 (2017-12-04 07:31:28 UTC)
compile_timestamp: 1507285437 (2017-10-06 10:23:57 UTC)
dga_seed: 2559241794
listen_port: 0
num_dga_domains: 100
Targets
Target: c191595a7ab6af9541dadd4b6544c9b65a9e5fa76f49836d1f3fc28a50c0459f.exe
Size: 464KB
MD5: 5ff1999425fe352ee7fe4d1eb995a2fe
SHA1: 2cb44adb130a1316010cee3e54dbbc432f40d807
SHA256: c191595a7ab6af9541dadd4b6544c9b65a9e5fa76f49836d1f3fc28a50c0459f
SHA512: 58bb4d99c717a52fe7cd516eb6a1db45428e666788742d452eae902a80391ccb8249f40bd05a2c2f79826d0c744859e8b2c85e0d4578867cf2ff5ab6acceb4f1
SSDEEP: 6144:5Sl3cEjScqKbDFrXNAvJ3BEXDhI0ifpxzxGqW7qcRa9Br7ierTrD9f5jxZ8YFYZH:QlsEGZK1SB30mRG9mcrefJ1bXCtsdu
Signatures
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext (an API commonly used to redirect a thread into injected code, as in process hollowing)
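The "Checks BIOS information in registry" signature refers to reading the firmware strings under HKLM\HARDWARE\DESCRIPTION\System\BIOS (SystemManufacturer, SystemProductName and similar) and comparing them against hypervisor vendor names. The script below is an added example and is not code from this report or from the sample: it reads those values with winreg on a Windows host, falls back to constructed sample values elsewhere, and reports which strings would expose a sandbox. The registry key and value names are real; the marker list and the sample dictionaries are assumptions chosen for illustration.

```python
import sys
from typing import Dict, List, Optional

# Registry location that sandbox-aware malware commonly reads.
BIOS_KEY = r"HARDWARE\DESCRIPTION\System\BIOS"
BIOS_VALUES = ("SystemManufacturer", "SystemProductName",
               "BIOSVendor", "BIOSVersion", "BaseBoardManufacturer")

# Case-insensitive substrings that identify common hypervisors and sandboxes.
# Assumption: an illustrative list, not the sample's own list.
VM_MARKERS = ("vmware", "virtualbox", "vbox", "innotek", "qemu", "bochs",
              "xen", "parallels", "virtual machine", "hyper-v", "kvm")


def read_bios_values() -> Optional[Dict[str, str]]:
    """Read the BIOS strings from the live registry (Windows only).

    Returns None on non-Windows hosts so callers can fall back to sample data.
    """
    if sys.platform != "win32":
        return None
    import winreg  # only importable on Windows
    out: Dict[str, str] = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, BIOS_KEY) as key:
        for name in BIOS_VALUES:
            try:
                value, _ = winreg.QueryValueEx(key, name)
                out[name] = str(value)
            except FileNotFoundError:
                pass  # value not present on this firmware
    return out


def find_vm_markers(values: Dict[str, str]) -> List[str]:
    """Return 'ValueName=marker' for each BIOS value that exposes a hypervisor.

    The first matching marker per value is reported; an empty list means these
    strings alone would not reveal the sandbox to a check like the sample's.
    """
    hits: List[str] = []
    for name, value in values.items():
        lower = value.lower()
        for marker in VM_MARKERS:
            if marker in lower:
                hits.append(f"{name}={marker}")
                break
    return hits


# Constructed sample values for an offline run (not taken from the report).
SAMPLE_VIRTUALBOX = {"SystemManufacturer": "innotek GmbH",
                     "SystemProductName": "VirtualBox",
                     "BIOSVendor": "innotek GmbH"}
SAMPLE_BAREMETAL = {"SystemManufacturer": "Dell Inc.",
                    "SystemProductName": "OptiPlex 7090",
                    "BIOSVendor": "Dell Inc."}

if __name__ == "__main__":
    live = read_bios_values()
    values = live if live is not None else SAMPLE_VIRTUALBOX
    hits = find_vm_markers(values)
    print("exposed by:", hits if hits else "nothing; BIOS strings look like real hardware")
```

Run it on the analysis VM before detonating a sample of this kind: any hit is a string that a BIOS-checking sample can use to abort or change behaviour, so the VM's DMI/SMBIOS fields should be patched to vendor-neutral values until the list comes back empty.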