General

  • Target

    2715e2e331369c798ad9218355bc79e0bed9d8e4f6fdf165202ede645a158a7e.exe

  • Size

    4.7MB

  • Sample

    241218-mwcczsxjgq

  • MD5

    0fd370a8f48b6f0f833fb24a77d98ae3

  • SHA1

    579cbfbe20611958062b102652a4051a6b9a1be8

  • SHA256

    2715e2e331369c798ad9218355bc79e0bed9d8e4f6fdf165202ede645a158a7e

  • SHA512

    5f7be894f9f2675b7f8b4e643ce0d0cbbc3ab997856f8f51422f12c0978417de47d125d0ba88beb1334cdc974ff31030f4d8d570f46d74749e15437aa08f976e

  • SSDEEP

    98304:9aTiZ7qe+aOKvp3QZ6/HbS9FugmTw3gvhiWaOuBuJ0Ato4z/ukDr:9aTiZ7qfRmp3QZ6/+9Fu/v0AmWh/

Malware Config

Targets

    • Modifies firewall policy service

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • Ramnit family

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15
