General
-
Target
93ece3ae41e3e46b4ee761c03413d0a201ea1dba909528bd11040dc470c74a0fN.exe
-
Size
145KB
-
Sample
241225-vq9qaszkgw
-
MD5
20742acbbf24266c69fd14d1ea50cf90
-
SHA1
c39ec0575ca80ec520223c8669b228bdddb1e975
-
SHA256
93ece3ae41e3e46b4ee761c03413d0a201ea1dba909528bd11040dc470c74a0f
-
SHA512
9efbab9fe2ab57fe14a7195453e556bec98a5a4ac11f15058364a20cbf37fadfa4391f3ced64e3646aa23dc1525ca002ca4e188b887058931391b6150ba65bd0
-
SSDEEP
3072:JBL1t2b4DEDXUTKxGhqOIx4J2vNbGfvGnd3gW5ZM4/uZXqxue/:yED92UhGNdndPZMTZXqxD/
Malware Config
Targets
-
-
Target
93ece3ae41e3e46b4ee761c03413d0a201ea1dba909528bd11040dc470c74a0fN.exe
-
Size
145KB
-
MD5
20742acbbf24266c69fd14d1ea50cf90
-
SHA1
c39ec0575ca80ec520223c8669b228bdddb1e975
-
SHA256
93ece3ae41e3e46b4ee761c03413d0a201ea1dba909528bd11040dc470c74a0f
-
SHA512
9efbab9fe2ab57fe14a7195453e556bec98a5a4ac11f15058364a20cbf37fadfa4391f3ced64e3646aa23dc1525ca002ca4e188b887058931391b6150ba65bd0
-
SSDEEP
3072:JBL1t2b4DEDXUTKxGhqOIx4J2vNbGfvGnd3gW5ZM4/uZXqxue/:yED92UhGNdndPZMTZXqxD/
Score10/10-
Modifies WinLogon for persistence
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
UAC bypass
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify Tools
1Safe Mode Boot
1Modify Registry
3