General
-
Target
Client.exe
-
Size
264KB
-
Sample
240604-rt6k9sac61
-
MD5
612f4e90461be10c465ca2037cfae0fd
-
SHA1
3f72719ef621781d53713cae90a68cc2967b69d2
-
SHA256
e91028292e9f544999a641c8656895a4cfec809d5c9e28429e4233f5d5a894b7
-
SHA512
76e8a376099ed58daabb276d21f25bba49e322f23dcb3c9fe1efe28b1dfcae88c7af13fe0e34999f29f252a793ac48b67ef23901d0935c9ce34701e68cce2fd5
-
SSDEEP
3072:T+C7mnudxFQjk4KYF0Nt8NeN3w/jhlhE1Z8Nig9Out+00pRF5VXbbkhdtfjuSI5:6AmnYQr0Ye6VlWT8b99800VbQdVu
Malware Config
Targets
-
-
Target
Client.exe
-
Size
264KB
-
MD5
612f4e90461be10c465ca2037cfae0fd
-
SHA1
3f72719ef621781d53713cae90a68cc2967b69d2
-
SHA256
e91028292e9f544999a641c8656895a4cfec809d5c9e28429e4233f5d5a894b7
-
SHA512
76e8a376099ed58daabb276d21f25bba49e322f23dcb3c9fe1efe28b1dfcae88c7af13fe0e34999f29f252a793ac48b67ef23901d0935c9ce34701e68cce2fd5
-
SSDEEP
3072:T+C7mnudxFQjk4KYF0Nt8NeN3w/jhlhE1Z8Nig9Out+00pRF5VXbbkhdtfjuSI5:6AmnYQr0Ye6VlWT8b99800VbQdVu
Score10/10-
Modifies WinLogon for persistence
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Modifies AppInit DLL entries
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Command and Scripting Interpreter: PowerShell
Start PowerShell.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Scheduled Task/Job
1