Overview

overview

10

Static

static

3

66877fa63f...6N.dll

windows7-x64

10

66877fa63f...6N.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    66877fa63f7c660b22dd48ccb953bdb9855568957c15a24073731c911b511926N

  • Size

    4.8MB

  • Sample

    241112-c1ph1awkbl

  • MD5

    d6a4c7403c2dc7ac47c03ebecf7ed390

  • SHA1

    3d760ac11c1ade04a3b5231331939cdc5d780c4f

  • SHA256

    66877fa63f7c660b22dd48ccb953bdb9855568957c15a24073731c911b511926

  • SHA512

    111557c2bdb96ac536a255b97b2a721f9a14acccb9feda585d4cfa5332c625e74a7660b470b380d24bb42812f66851f1821250e6429ff4480538e881981314ee

  • SSDEEP

    98304:raTiZ7qe+aOKvp3QZ6/HbS9FugmTw3gvhiWaOuBuJ0Ato4z/ukz:raTiZ7qfRmp3QZ6/+9Fu/v0AmWhz

Score
10/10
ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      66877fa63f7c660b22dd48ccb953bdb9855568957c15a24073731c911b511926N

    • Size

      4.8MB

    • MD5

      d6a4c7403c2dc7ac47c03ebecf7ed390

    • SHA1

      3d760ac11c1ade04a3b5231331939cdc5d780c4f

    • SHA256

      66877fa63f7c660b22dd48ccb953bdb9855568957c15a24073731c911b511926

    • SHA512

      111557c2bdb96ac536a255b97b2a721f9a14acccb9feda585d4cfa5332c625e74a7660b470b380d24bb42812f66851f1821250e6429ff4480538e881981314ee

    • SSDEEP

      98304:raTiZ7qe+aOKvp3QZ6/HbS9FugmTw3gvhiWaOuBuJ0Ato4z/ukz:raTiZ7qfRmp3QZ6/+9Fu/v0AmWhz

    Score
    10/10
    ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Ramnit family

      ramnit

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks