Overview

overview

10

Static

static

ramnitdoub...al.vbs

windows7_x64

10

ramnitdoub...al.vbs

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ramnitdouble-original.vbs

  • Size

    331KB

  • Sample

    220301-w7snsacgbk

  • MD5

    8e1cc1e4ccefee63008ff49219345a44

  • SHA1

    73f71bdf3c986caab0482a503700b24150d84b20

  • SHA256

    b41d64df33eff5fe041782eb6b1d54121b35985aaf57ef852dbdf08f4a7abc2e

  • SHA512

    6e8b9cbf03b6df893e9323e7ae70937d7223dc4f217b5b093f0cc831f3b6c58bdc422dd7e27be79037339268949005b0b395f585d50c40acca5869ee1bf6d9d7

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Targets

    • Target

      ramnitdouble-original.vbs

    • Size

      331KB

    • MD5

      8e1cc1e4ccefee63008ff49219345a44

    • SHA1

      73f71bdf3c986caab0482a503700b24150d84b20

    • SHA256

      b41d64df33eff5fe041782eb6b1d54121b35985aaf57ef852dbdf08f4a7abc2e

    • SHA512

      6e8b9cbf03b6df893e9323e7ae70937d7223dc4f217b5b093f0cc831f3b6c58bdc422dd7e27be79037339268949005b0b395f585d50c40acca5869ee1bf6d9d7

    Score
    10/10
    ramnitbankerspywarestealertrojanupxworm

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks