Ramexfour.zip -2021- Site
Every so often, a filename lands on our desk that is so sparse on details it becomes suspicious in itself. Today’s artifact: Ramexfour.zip -2021-.
October 11, 2023 Author: Threat Analysis Team
Unboxing the Enigma: What We Found Inside Ramexfour.zip -2021-
Have a mysterious file you want us to analyze? Send the hash (not the actual file) to our threat intel inbox.
No sender. No subject line in the metadata. Just a compressed folder, timestamped (or versioned) with a dash of mystery on either side of the year.
We ran a quick entropy scan on Ramexfour.zip. The entropy was moderately high but not maxed (approx 0.78 on a scale of 0-1). This suggests a mix of compressed data (images, PDFs, binaries) and plain text. A fully encrypted zip (with a password) would show near-perfect entropy. This file is likely not password protected.
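As an added example (not the team's tooling and not code from the original post), the sketch below computes byte entropy on the same 0-1 scale and goes one step beyond the scan described above by reading each member's ZIP encryption flag, because deflate-compressed members can also score high on entropy alone. The sample archive and all function names are constructed for illustration.

```python
import io
import math
import zipfile
from collections import Counter


def normalized_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, scaled so 8 bits/byte = 1.0."""
    if not data:
        return 0.0
    total = len(data)
    counts = Counter(data)
    bits = -sum((n / total) * math.log2(n / total) for n in counts.values())
    return bits / 8.0


def triage_zip(blob: bytes) -> dict:
    """Whole-file entropy plus per-member encryption flag and compression info."""
    members = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            members.append({
                "name": info.filename,
                "encrypted": bool(info.flag_bits & 0x1),  # general-purpose flag bit 0
                "stored": info.compress_type == zipfile.ZIP_STORED,
                "ratio": info.compress_size / info.file_size if info.file_size else 1.0,
            })
    return {
        "entropy": round(normalized_entropy(blob), 2),
        "any_encrypted": any(m["encrypted"] for m in members),
        "members": members,
    }


def build_sample() -> bytes:
    """Constructed sample archive: one text file deflated, one stored as-is."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "quarterly report draft\n" * 200, compress_type=zipfile.ZIP_DEFLATED)
        zf.writestr("readme.txt", "plain text, stored as-is\n" * 50, compress_type=zipfile.ZIP_STORED)
    return buf.getvalue()


if __name__ == "__main__":
    report = triage_zip(build_sample())
    print(report["entropy"], report["any_encrypted"])
    for member in report["members"]:
        print(member)
```

Reading the archive's directory this way parses headers only; no member is extracted or executed.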
Here is our deep dive into the enigma of Ramexfour. Why does the hyphen placement matter? Usually, timestamps follow a pattern— 2021-04-15 or log_2021. But -2021- suggests the year is a middle marker, not a prefix or suffix.