General

  • Target

    db5183f6a04f19e2faa86d8198e9408a35785792cc50d73ad6ff80b19d6b0be6N.exe

  • Size

    4.7MB

  • Sample

    241217-wxd3mstpbs

  • MD5

    dcb842ae53cff2f202901e4cb2410fe0

  • SHA1

    3d9f9313a43402707baa50bbbbe5aa085ee03101

  • SHA256

    db5183f6a04f19e2faa86d8198e9408a35785792cc50d73ad6ff80b19d6b0be6

  • SHA512

    8f674b904541c42db33b801412a1c0083d7fd8f32a3b66ac6bf778bac7b96a283ec10cf541a50f7ab251c94bd5bb02d69bbc7e565de9c5e4ed679f2beabb9a15

  • SSDEEP

    98304:9aTiZ7qe+aOKvp3QZ6/HbS9FugmTw3gvhiWaOuBuJ0Ato4z/ukD:9aTiZ7qfRmp3QZ6/+9Fu/v0AmWh

Malware Config

Targets

    • Modifies firewall policy service

    • Ramnit

      Ramnit is a versatile malware family whose variants include file-infecting viruses, worms, and Trojans.

    • Ramnit family

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.
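
The "UPX packed file" signature is a static check, so it can be reproduced outside the sandbox. The script below is an added example, not the sandbox's own signature logic (which is not shown on this page): it walks the PE headers to the section table and applies the two cheapest indicators of a stock UPX build, the UPX0/UPX1 section names and the "UPX!" marker that UPX writes into its own info block. It also constructs minimal PE images (a stub header plus an empty section table, not runnable binaries) so the parser can be exercised offline; those constructed inputs are the assumption here, and a real sample is passed as a path instead.

```python
import struct

UPX_MARKER = b"UPX!"   # magic UPX stores in its info block just past the headers


def pe_section_names(data: bytes) -> list:
    """Return the PE section names in table order.

    Only the fields needed to reach the section table are parsed: e_lfanew at
    DOS-header offset 0x3C, the 'PE\\0\\0' signature, and from the 20-byte COFF
    header NumberOfSections (offset 2) and SizeOfOptionalHeader (offset 16),
    which together locate the 40-byte IMAGE_SECTION_HEADER entries.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header: not a PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt_hdr = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt_hdr
    names = []
    for i in range(num_sections):
        off = table + i * 40
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.rstrip(b"\x00").decode("ascii", "replace"))
    return names


def classify_upx(data: bytes) -> dict:
    """Apply two heuristics for a stock UPX build and return the evidence.

    - section names beginning with UPX (UPX0/UPX1, UPX2 when resources are kept)
    - the 'UPX!' marker searched within the first 4 KiB, where the headers live
    A modified UPX commonly renames the sections and patches the marker, so a
    negative result is not proof of absence; section entropy and an entry point
    inside the last section are the usual follow-up checks.
    """
    names = pe_section_names(data)
    upx_sections = [n for n in names if n.upper().startswith("UPX")]
    marker = UPX_MARKER in data[:4096]
    return {
        "sections": names,
        "upx_sections": upx_sections,
        "upx_marker": marker,
        "upx": bool(upx_sections) or marker,
    }


def build_test_pe(section_names, trailer: bytes = b"") -> bytes:
    """Construct a minimal, non-runnable PE image for exercising the parser.

    Layout: 64-byte DOS header with e_lfanew=0x40, PE signature, i386 COFF
    header with no optional header, one zeroed 40-byte section header per
    name, then `trailer` (used to plant the UPX marker).
    """
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x014C, len(section_names), 0, 0, 0, 0, 0x0102)
    table = b"".join(n.encode("ascii")[:8].ljust(8, b"\x00") + b"\x00" * 32
                     for n in section_names)
    return dos + b"PE\x00\x00" + coff + table + trailer


if __name__ == "__main__":
    import sys

    # Usage: python upx_check.py <path-to-sample>; with no path, a constructed
    # UPX-style image is classified instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            target = fh.read()
    else:
        target = build_test_pe(["UPX0", "UPX1", ".rsrc"], UPX_MARKER)
    print(classify_upx(target))
```

Run it on the sample once the hashes have been confirmed; a hit on both indicators means a stock UPX that `upx -d` will unpack, while a hit on neither for a file a sandbox still flags as UPX-packed is the "modified UPX" case, where the section names or marker have been altered and the packer has to be recognised from the decompression stub itself.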

MITRE ATT&CK Enterprise v15

Tasks