General

  • Target

    9e5696e3e951844ffd11c2fd05d417ddf610375d3c4c5826018ad4ed4f5559e1N.exe

  • Size

    2.5MB

  • Sample

    250124-l7b1xstjbx

  • MD5

    272cba14945f8edb83d54bdb57250260

  • SHA1

    3e9f95b2ed1ac701eb01f10574cd3a83238f2222

  • SHA256

    9e5696e3e951844ffd11c2fd05d417ddf610375d3c4c5826018ad4ed4f5559e1

  • SHA512

    d920bb92183f7f5bc070a4f267ad5796bdf0390f8d249ec417ac5d37dc70c1791ab8c5a8f54d4841dfb0b4b18ca4c6d167a48cdf413c328ba5c17f8fe551fa16

  • SSDEEP

    49152:OH8wSsRYJIFyM63fC+q31wLZXGa6fIeh1ZMN739iMJ1ZX:28wDRYPzw1mXGlvQ7tiG/

Malware Config

Targets

    • Target

      9e5696e3e951844ffd11c2fd05d417ddf610375d3c4c5826018ad4ed4f5559e1N.exe

    • Size

      2.5MB

    • MD5

      272cba14945f8edb83d54bdb57250260

    • SHA1

      3e9f95b2ed1ac701eb01f10574cd3a83238f2222

    • SHA256

      9e5696e3e951844ffd11c2fd05d417ddf610375d3c4c5826018ad4ed4f5559e1

    • SHA512

      d920bb92183f7f5bc070a4f267ad5796bdf0390f8d249ec417ac5d37dc70c1791ab8c5a8f54d4841dfb0b4b18ca4c6d167a48cdf413c328ba5c17f8fe551fa16

    • SSDEEP

      49152:OH8wSsRYJIFyM63fC+q31wLZXGa6fIeh1ZMN739iMJ1ZX:28wDRYPzw1mXGlvQ7tiG/

    Score
    3/10
    • Target

      $PLUGINSDIR/ButtonEvent.dll

    • Size

      4KB

    • MD5

      fad9d09fc0267e8513b8628e767b2604

    • SHA1

      bea76a7621c07b30ed90bedef4d608a5b9e15300

    • SHA256

      5d913c6be9c9e13801acc5d78b11d9f3cd42c1b3b3cad8272eb6e1bfb06730c2

    • SHA512

      b39c5ea8aea0640f5a32a1fc03e8c8382a621c168980b3bc5e2897932878003b2b8ef75b3ad68149c35420d652143e2ef763b6a47d84ec73621017f0273e2805

    Score
    3/10
    • Target

      $PLUGINSDIR/MyNsisExtend.dll

    • Size

      596KB

    • MD5

      37e4e1ab9aee0596c2fa5888357a63b0

    • SHA1

      a5dba8c0a1bd936dca2b6a81f2dc9a3005f1a2b6

    • SHA256

      ff4b245fea98cedd881ca102468623a449a0b40df0c557dd8a6ea32e788d56fe

    • SHA512

      5cbab2872683079c6cc09423a2baf7107b5ac5731f336cd237fa93a4a4ee53a127963dc0ec0dbc6168b9b3d2c3a881c7663ce4ecd84d964628dd566395d49bb3

    • SSDEEP

      12288:1QXznhWxifqPG8yDAay0BQeMrtQW27ZJ6ObWTE5lqtmsVsIdj:1QXznYybPJnWTE5lqwsKG

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

    • Ramnit family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      a5f8399a743ab7f9c88c645c35b1ebb5

    • SHA1

      168f3c158913b0367bf79fa413357fbe97018191

    • SHA256

      dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    • SHA512

      824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    • SSDEEP

      192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go

    Score
    3/10
    • Target

      $PLUGINSDIR/PackageAssist.dll

    • Size

      204KB

    • MD5

      3ad657fc9507467d770e297803473d66

    • SHA1

      0d33fba778b0e91ebc503a3686cf1903d1b80266

    • SHA256

      1a8e33f27002549ad3bd44e0032028a4f84ffb7ce07889605f5a9219aea9691e

    • SHA512

      a6a06c103d5f8e19b139071f24c640ebe77a17bb249de6b64321d9a28ace5a6c37582701db90b8754f9db523f3085cb71271c84dd4dbb609e9c40b06a3aa35fe

    • SSDEEP

      3072:iOHvt3fbTYYout98liJICstj3GDijRGoqVvbaNXubJ1JI:5Hvt3fwYollgq24LqVvWIdjI

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

    • Ramnit family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      67KB

    • MD5

      bd05feb8825b15dcdd9100d478f04e17

    • SHA1

      a67d82be96a439ce1c5400740da5c528f7f550e0

    • SHA256

      4972cca9555b7e5dcb6feef63605305193835ea63f343df78902bbcd432ba496

    • SHA512

      67f1894c79bbcef4c7fedd91e33ec48617d5d34c2d9ebcd700c935b7fe1b08971d4c68a71d5281abac97e62d6b8c8f318cc6ff15ea210ddcf21ff04a9e5a7f95

    • SSDEEP

      1536:2IfbmtOpUtoqoQvfDrghNT+2w8mbJ1/NfSttVx:bfi4GoqVvbaNXubJ1JI

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

    • Ramnit family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/locate.dll

    • Size

      17KB

    • MD5

      7d3317f57c1a368480ace3c0ca804eeb

    • SHA1

      d4c7e185bc64aac82339f51ba6c21cf0713c9f1a

    • SHA256

      d88a04c1e39db583eaad727fd390fe599ab10198ee040bfbdd22daefadbd2372

    • SHA512

      5598c2e6caa2f66edd48f8c8305e054d4b0740b5f2b7ed92cf197a13ac66ba99a32013d34b3c2e28d007ab7979eb90a50681324eb736b1410e7df1902e4ec32a

    • SSDEEP

      384:ev/vPBkA6dK8wiLe45naPji7hpx2kRV+qgm:evyvwiNnGji7Xxjc8

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      c10e04dd4ad4277d5adc951bb331c777

    • SHA1

      b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

    • SHA256

      e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

    • SHA512

      853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

    • SSDEEP

      96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420

    Score
    3/10
    • Target

      $PLUGINSDIR/nsRandom.dll

    • Size

      77KB

    • MD5

      d86b2899f423931131b696ff659aa7ed

    • SHA1

      007ca98f5d7921fe26fb9b8bd8a822dd5ae09ed6

    • SHA256

      8935cba8e9b276daa357a809e0eca3bebf3fdc6d0d3466ab37fb2cbbfacd3a94

    • SHA512

      9a4437ab484e4e22597c642d21b0107a063a208a582df3a5bf276466ad8d0ba9aeebac6de8dcf1372939984bb187d58e94c799918cfbe80e85c958bf0a537fc7

    • SSDEEP

      1536:/lKXi95r2UwOpUtoqoQvfDrghNT+2w8mbJ1/NfSttVx:sgr2eGoqVvbaNXubJ1JI

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

    • Ramnit family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/xml.dll

    • Size

      175KB

    • MD5

      0ad70d0ebf9562e53f2fd9518c3b04a3

    • SHA1

      4de4487e4d1e87b782eceb3b74d9510cc28b0c70

    • SHA256

      3bd4a099f0e0eefeaacfdba6c0ab760b6e9250167ba6a30eafaa668ca53ce5e9

    • SHA512

      f75e089f7eb44071f227cd9705b8e44982429f889f93230e98095aac60afc1bdd39a010787235c171cd9fb9ead8023043b147022ab007e8cf1c3204064905719

    • SSDEEP

      3072:vzjLkarn7O+n9z2L6whFtGF42bKgGoqVvbaNXubJ1JI:vzP7n7O7L6K2lqVvWIdjI

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

    • Ramnit family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $TEMP/$_89_/MyNsisSkin.dll

    • Size

      384KB

    • MD5

      a6039ed51a4c143794345b29f5f09c64

    • SHA1

      ef08cb5dfa598d9d5b43b8af49f54b2c7dac00d4

    • SHA256

      95ae945504972cadcf2ccfb2b3d02ea8cade3ee53f2f2082e8b40b61f660877a

    • SHA512

      0ed3d0c070bfd91e2355aec5a30ad5cbaf6949c965af5e0ee1ecf2edd5f5aeba3819b4667a0301f8b52c8fd56d3bae35fa4f77063d56c8f89055784d0c0a30a8

    • SSDEEP

      6144:yOrNKQjNQnWqJolkFucBm1fXr9ICcYerKJbYm3IyU5qVvWIdjI:y4NKQjNQfqOuEm1fXncdrKJbJgtIdj

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

    • Ramnit family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      7za.exe

    • Size

      574KB

    • MD5

      42badc1d2f03a8b1e4875740d3d49336

    • SHA1

      cee178da1fb05f99af7a3547093122893bd1eb46

    • SHA256

      c136b1467d669a725478a6110ebaaab3cb88a3d389dfa688e06173c066b76fcf

    • SHA512

      6bc519a7368ee6bd8c8f69f2d634dd18799b4ca31fbc284d2580ba625f3a88b6a52d2bc17bea0e75e63ca11c10356c47ee00c2c500294abcb5141424fc5dc71c

    • SSDEEP

      12288:myyKdVnyNhXCV4EkP7AIfzNXZ0b5NrnkcAqIV0A1caRI:mKvyNhXCV4E8BXAfrnkcAqU0A

    Score
    3/10
    • Target

      BORLNDMM.DLL

    • Size

      25KB

    • MD5

      f77ae8118cd580ad4fec3f5ee4e00fca

    • SHA1

      6576e2b1404976b079e9a995a9b3c029b740f539

    • SHA256

      504db0d77d52e1922673ff5b5d2a614233fc5f3415ebaa8126e8d4ee7d4c11c2

    • SHA512

      e59c521662e7d9e35a1807b8e3beac45f7c080b723e0f40e1e0626e6d90342792a0656e2812f8bd036a0ec24a089dcb4210a5465209a397283f8bb06cc027e7a

    • SSDEEP

      768:jGwqXbEQK4fxwV/QeRAqphtkqX8Eyrqsy:SwqXbE2S/RAqRk4vQy

    Score
    3/10
    • Target

      CC3250MT.DLL

    • Size

      1.4MB

    • MD5

      7fef9df21cc3f7aadd4f355c69b4f076

    • SHA1

      f1273ee2ee28e80635ce822ed8b3e7937ca52142

    • SHA256

      0f7fca8470b392df3fcd9136dc87bc796d13784e3cd4f55d9c26c24cbbe17572

    • SHA512

      f95eb9b50aee11c8e1da08d3906775c295e484f323f8d8252cafe4b46117fcf916c66f918a9af55dc78d13e953d115f35672e02ff2f60deca2b4453b3eafdf2d

    • SSDEEP

      24576:aUMbMXpbKaFILJy5IeMzl77BDw8SruhZEiJ:xMbEXFINy5IeY7T

    Score
    3/10
    • Target

      aq7z.dll

    • Size

      94KB

    • MD5

      53014f3764238d08a48590e2e1f5f4b9

    • SHA1

      d29a5a32e894f6fa589468f855ac99e6f547af00

    • SHA256

      f06254e552c975775d570f1278a2d3c48f61a8df100b0d138110316b47c91823

    • SHA512

      4c91352728c880a5db4256a5d9090d9af956fa3026a5b46464b5f09a67e11cb782db83b43f8ec08926268ec735a9a6bb3f7eca82e714325a7f6299a8e463f28e

    • SSDEEP

      1536:YHVYz2JZuFaPVRqykTUapbaGcW+JsWjcd+DVle27+i:icsZD+yQlaSx+VsG+i

    Score
    3/10
    • Target

      aqhttp.dll

    • Size

      276KB

    • MD5

      3c9ec661f20ee6ca4bb17cfe7c0a5174

    • SHA1

      9b9cbfe0e640d7e97c9c6caa5eb5fa9160cfcfe3

    • SHA256

      71fd49b5c6af695e92eea36794025fca1b629cba62be6a5cdaf37648dd412c98

    • SHA512

      2eebe718992a392c9a57a99cd3414e3a52fd14f06d52974d7700d57d9cf6dffafe80061f6f872edd4173982eabb95abbd99694760ce3fb35377513a8cf13ca5a

    • SSDEEP

      3072:Vc5zhpoq5HD2d2G110e8Z8pbachkddtldc2rp6uaGckcdrpgAuhmoTeQubqXK5+0:VCzhGYlI0e8chctlJpZHcPUXKj2WXNZ

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
5/10

behavioral1

discovery
Score
3/10

behavioral2

discovery
Score
3/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

ramnit banker discovery spyware stealer trojan upx worm
Score
10/10

behavioral6

ramnit banker discovery spyware stealer trojan upx worm
Score
10/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

ramnit banker discovery spyware stealer trojan upx worm
Score
10/10

behavioral10

ramnit banker discovery spyware stealer trojan upx worm
Score
10/10

behavioral11

ramnit banker discovery spyware stealer trojan upx worm
Score
10/10

behavioral12

ramnit banker discovery spyware stealer trojan upx worm
Score
10/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

ramnit banker discovery spyware stealer trojan upx worm
Score
10/10

behavioral18

ramnit banker discovery spyware stealer trojan upx worm
Score
10/10

behavioral19

ramnit banker discovery spyware stealer trojan upx worm
Score
10/10

behavioral20

ramnit banker discovery spyware stealer trojan upx worm
Score
10/10

behavioral21

ramnit banker discovery spyware stealer trojan upx worm
Score
10/10

behavioral22

ramnit banker discovery spyware stealer trojan upx worm
Score
10/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

discovery
Score
3/10

behavioral30

discovery
Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
3/10