General

  • Target

    087d6db9d77131c187e49ce566c78a27b0c3d1a7d55bc1b055858888637b48d0

  • Size

    6.0MB

  • Sample

    241120-ye6faawpfm

  • MD5

    ac7276cda48648e044a5160d2642aa5c

  • SHA1

    b0bfb31d6231eee5003ca26193feec3efe82f8e0

  • SHA256

    087d6db9d77131c187e49ce566c78a27b0c3d1a7d55bc1b055858888637b48d0

  • SHA512

    8210a21302ec4b0212fc58349ecb86de8b9a90119b7c13cf4ea2002a97d4e53c414e0c6b528da848753b9c693ff44651a813f01ba7cd0a5a1881beaae46ce3e0

  • SSDEEP

    98304:OnzYJN9FRmWIuJzxP4618frP3wbzWFimaI7dloCP265:NJTmWnEgbzWFimaI7dlzOI

Malware Config

Targets

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • Ramnit family

    • A potential corporate email address has been identified in the URL: [email protected]

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar profile information.

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks