Overview

overview

10

Static

static

3

924a83b4d5...aN.exe

windows7-x64

10

924a83b4d5...aN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    924a83b4d5808b71ba0dda539cd252ad284e8a0345ff85eb733d4fbb460693baN.exe

  • Size

    204KB

  • Sample

    250101-qmc5pswlb1

  • MD5

    3c5fbf24715319bd5bd4f93d52e8fba0

  • SHA1

    575952bbd7ca62febe8abee8aca1a5a84db335dc

  • SHA256

    924a83b4d5808b71ba0dda539cd252ad284e8a0345ff85eb733d4fbb460693ba

  • SHA512

    593b282f4f38cc953b7aa17427650f214c4e34ca1d90daba970e88e77f46f2fe3f4c1f138c03c80d9ada10ef63f6e84b44188465401c637235f007efe0c19ee2

  • SSDEEP

    3072:E4FICeG4HN46gEuFyQLBvBt0M1qCWzJP0ruTTBaClHpspom7ffrAmp1:sCextyTLBf0dJ5TTBZbspom7bX3

Score
10/10
ramnitbankerdiscoveryevasionpersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      924a83b4d5808b71ba0dda539cd252ad284e8a0345ff85eb733d4fbb460693baN.exe

    • Size

      204KB

    • MD5

      3c5fbf24715319bd5bd4f93d52e8fba0

    • SHA1

      575952bbd7ca62febe8abee8aca1a5a84db335dc

    • SHA256

      924a83b4d5808b71ba0dda539cd252ad284e8a0345ff85eb733d4fbb460693ba

    • SHA512

      593b282f4f38cc953b7aa17427650f214c4e34ca1d90daba970e88e77f46f2fe3f4c1f138c03c80d9ada10ef63f6e84b44188465401c637235f007efe0c19ee2

    • SSDEEP

      3072:E4FICeG4HN46gEuFyQLBvBt0M1qCWzJP0ruTTBaClHpspom7ffrAmp1:sCextyTLBf0dJ5TTBZbspom7bX3

    Score
    10/10
    ramnitbankerdiscoverypersistencespywarestealertrojanupxwormevasion

    • Modifies firewall policy service

      evasion

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Ramnit family

      ramnit

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks