General
-
Target
087d6db9d77131c187e49ce566c78a27b0c3d1a7d55bc1b055858888637b48d0
-
Size
6.0MB
-
Sample
241120-ye6faawpfm
-
MD5
ac7276cda48648e044a5160d2642aa5c
-
SHA1
b0bfb31d6231eee5003ca26193feec3efe82f8e0
-
SHA256
087d6db9d77131c187e49ce566c78a27b0c3d1a7d55bc1b055858888637b48d0
-
SHA512
8210a21302ec4b0212fc58349ecb86de8b9a90119b7c13cf4ea2002a97d4e53c414e0c6b528da848753b9c693ff44651a813f01ba7cd0a5a1881beaae46ce3e0
-
SSDEEP
98304:OnzYJN9FRmWIuJzxP4618frP3wbzWFimaI7dloCP265:NJTmWnEgbzWFimaI7dlzOI
Static task
static1
Behavioral task
behavioral1
Sample
087d6db9d77131c187e49ce566c78a27b0c3d1a7d55bc1b055858888637b48d0.exe
Resource
win7-20241023-en
Malware Config
Targets
-
-
Target
087d6db9d77131c187e49ce566c78a27b0c3d1a7d55bc1b055858888637b48d0
-
Size
6.0MB
-
MD5
ac7276cda48648e044a5160d2642aa5c
-
SHA1
b0bfb31d6231eee5003ca26193feec3efe82f8e0
-
SHA256
087d6db9d77131c187e49ce566c78a27b0c3d1a7d55bc1b055858888637b48d0
-
SHA512
8210a21302ec4b0212fc58349ecb86de8b9a90119b7c13cf4ea2002a97d4e53c414e0c6b528da848753b9c693ff44651a813f01ba7cd0a5a1881beaae46ce3e0
-
SSDEEP
98304:OnzYJN9FRmWIuJzxP4618frP3wbzWFimaI7dloCP265:NJTmWnEgbzWFimaI7dlzOI
-
Ramnit family
-
A potential corporate email address has been identified in the URL: [email protected]
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Browser Extensions
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1