Overview

overview

10

Static

static

3

81323fd94b...d4.dll

windows7-x64

10

81323fd94b...d4.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    81323fd94b1390b66662692f8c2104024d2cf9ab761763fd8ec497b5d4c577d4

  • Size

    584KB

  • Sample

    241224-31788a1mf1

  • MD5

    b67f234d2aff8a0ed8545bf5bb9f4f88

  • SHA1

    3db9eb3cec3df79a4adc7cc7394cfcb1f9e0be63

  • SHA256

    81323fd94b1390b66662692f8c2104024d2cf9ab761763fd8ec497b5d4c577d4

  • SHA512

    fbca5c0f05009e7388bbd2bf14de63065326c2abf7807bee72861a9dc055548ac3e6d42fa7db53d090d287e74098fdeb2137a0e49ae521af0979592a8c3ce528

  • SSDEEP

    12288:1hpUrEIZJqr1AkBWwNa5R0EYl795/amaX3QXaPKUmTO9A:1/jG01NHXaPVA

Score
10/10
ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      81323fd94b1390b66662692f8c2104024d2cf9ab761763fd8ec497b5d4c577d4

    • Size

      584KB

    • MD5

      b67f234d2aff8a0ed8545bf5bb9f4f88

    • SHA1

      3db9eb3cec3df79a4adc7cc7394cfcb1f9e0be63

    • SHA256

      81323fd94b1390b66662692f8c2104024d2cf9ab761763fd8ec497b5d4c577d4

    • SHA512

      fbca5c0f05009e7388bbd2bf14de63065326c2abf7807bee72861a9dc055548ac3e6d42fa7db53d090d287e74098fdeb2137a0e49ae521af0979592a8c3ce528

    • SSDEEP

      12288:1hpUrEIZJqr1AkBWwNa5R0EYl795/amaX3QXaPKUmTO9A:1/jG01NHXaPVA

    Score
    10/10
    ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Ramnit family

      ramnit

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks