General
-
Target
f145ba40ea8af1d7ccf0e4fb23065bc30c1497bb446b856aace283ab601aa588N.exe
-
Size
154KB
-
Sample
241211-ars4qawphz
-
MD5
d1a86d6617c02d6f108e23a07a8be6a0
-
SHA1
196fe6f3acaf1973f0e3aee0e3836a8cb030f825
-
SHA256
f145ba40ea8af1d7ccf0e4fb23065bc30c1497bb446b856aace283ab601aa588
-
SHA512
629dc73cce5f9b0532d817aa3e519a70812f8566f01ed4256d59ab9cc6c6339b6809ddc0e7ecd7a65ba6662577e6394d18dd151126596884e9e9ab9ca201863c
-
SSDEEP
3072:vgh2I2r6EHIABO7Q+Wzk8jwaaHw7Koj4r0Q+nh1fz8xcOtfHDHDPf:6EH7yihLfzmj5bDn
Malware Config
Targets
-
-
Target
f145ba40ea8af1d7ccf0e4fb23065bc30c1497bb446b856aace283ab601aa588N.exe
-
Size
154KB
-
MD5
d1a86d6617c02d6f108e23a07a8be6a0
-
SHA1
196fe6f3acaf1973f0e3aee0e3836a8cb030f825
-
SHA256
f145ba40ea8af1d7ccf0e4fb23065bc30c1497bb446b856aace283ab601aa588
-
SHA512
629dc73cce5f9b0532d817aa3e519a70812f8566f01ed4256d59ab9cc6c6339b6809ddc0e7ecd7a65ba6662577e6394d18dd151126596884e9e9ab9ca201863c
-
SSDEEP
3072:vgh2I2r6EHIABO7Q+Wzk8jwaaHw7Koj4r0Q+nh1fz8xcOtfHDHDPf:6EH7yihLfzmj5bDn
Score10/10-
Modifies WinLogon for persistence
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
UAC bypass
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify Tools
1Safe Mode Boot
1Modify Registry
4