General
-
Target
bc.vbs
-
Size
169KB
-
Sample
220219-12r8aadgb5
-
MD5
c8d448840522a0d83b0a8a32cfa50352
-
SHA1
98f1145de8f3cc1764451ff65fa1c7051280c455
-
SHA256
4ee7ce2fdad1a287ac5299129c80dfc3fedb2a5eb31a1af706d1fc466cb2839a
-
SHA512
0ff8e8b9cd33ec9973fc14e55acf1648a3e6f7ce215157fb41aa737441f0b727934ab6a4cbae8ec7eff02872690bd72f2ae63cee1490b79cbd952b53e937bebd
Malware Config
Targets
-
-
Target
bc.vbs
-
Size
169KB
-
MD5
c8d448840522a0d83b0a8a32cfa50352
-
SHA1
98f1145de8f3cc1764451ff65fa1c7051280c455
-
SHA256
4ee7ce2fdad1a287ac5299129c80dfc3fedb2a5eb31a1af706d1fc466cb2839a
-
SHA512
0ff8e8b9cd33ec9973fc14e55acf1648a3e6f7ce215157fb41aa737441f0b727934ab6a4cbae8ec7eff02872690bd72f2ae63cee1490b79cbd952b53e937bebd
Score10/10-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-