General
-
Target
ramnitdouble-original.vbs
-
Size
331KB
-
Sample
220301-w7snsacgbk
-
MD5
8e1cc1e4ccefee63008ff49219345a44
-
SHA1
73f71bdf3c986caab0482a503700b24150d84b20
-
SHA256
b41d64df33eff5fe041782eb6b1d54121b35985aaf57ef852dbdf08f4a7abc2e
-
SHA512
6e8b9cbf03b6df893e9323e7ae70937d7223dc4f217b5b093f0cc831f3b6c58bdc422dd7e27be79037339268949005b0b395f585d50c40acca5869ee1bf6d9d7
Static task
static1
Behavioral task
behavioral1
Sample
ramnitdouble-original.vbs
Resource
win7-20220223-en
Behavioral task
behavioral2
Sample
ramnitdouble-original.vbs
Resource
win10v2004-en-20220113
Malware Config
Targets
-
-
Target
ramnitdouble-original.vbs
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-