General

  • Target

    ramnitsingle.vbs

  • Size

    110KB

  • Sample

    220301-w8b3esbbd5

  • MD5

    de687e52085477b200c98fbda93505dc

  • SHA1

    433c2461d156ea76d2eb1f9740f5e17ed4c31e67

  • SHA256

    59561642f32679da96576e2ce946233f8ca58e0ddc07f3047e08a1177a471a8c

  • SHA512

    b960ab41c6138f30be4aec3604981c75d191d5da746104154e500be90687b9bfcc637c1e08a7e2ed74794e03db7aee1a4c2a875dc2f12509a28da5fbae6c5498

Malware Config

Targets

    • Target

      ramnitsingle.vbs

    • Size

      110KB

    • MD5

      de687e52085477b200c98fbda93505dc

    • SHA1

      433c2461d156ea76d2eb1f9740f5e17ed4c31e67

    • SHA256

      59561642f32679da96576e2ce946233f8ca58e0ddc07f3047e08a1177a471a8c

    • SHA512

      b960ab41c6138f30be4aec3604981c75d191d5da746104154e500be90687b9bfcc637c1e08a7e2ed74794e03db7aee1a4c2a875dc2f12509a28da5fbae6c5498

    • Ramnit

      Ramnit is a versatile malware family whose variants include file-infecting viruses, worms, and banking Trojans.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL
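
The "UPX packed file" signature above fires on the executable this script drops. The following is an added example, not code from the report or from the sandbox vendor, showing the two cheap static checks such a signature rests on: stock UPX section names (UPX0/UPX1) in the PE section table and the "UPX!" magic the packer writes into its own header. The sample PE bytes are constructed in-line (a minimal header with no real code), and the helper names are the example's own.

```python
import struct


def pe_section_names(data):
    """Parse the PE section table and return the section names ([] if not a valid PE)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                      # COFF file header follows the "PE\0\0" signature
    if coff + 20 > len(data):
        return []
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # section table sits right after the optional header
    names = []
    for i in range(num_sections):
        off = table + 40 * i                 # each IMAGE_SECTION_HEADER is 40 bytes, name first
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("latin-1"))
    return names


def upx_indicators(data):
    """Return the UPX indicators present: stock section names and/or the 'UPX!' magic."""
    hits = []
    upx_sections = [n for n in pe_section_names(data) if n.upper().startswith("UPX")]
    if upx_sections:
        hits.append("sections " + ",".join(upx_sections))
    if b"UPX!" in data:
        hits.append("UPX! magic")
    return hits


def build_fake_pe(section_names, with_magic):
    """Constructed minimal PE32 image for testing only; it is not a real or runnable binary."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: NT headers start right after the DOS header
    opt = bytes(224)                         # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + bytes(32) for n in section_names)
    image = bytes(dos) + b"PE\0\0" + coff + opt + sections
    if with_magic:
        image += b"UPX!" + bytes(28)         # stand-in for the packer header marker (placement is illustrative)
    return image


if __name__ == "__main__":
    print(upx_indicators(build_fake_pe(["UPX0", "UPX1", ".rsrc"], True)))
    print(upx_indicators(build_fake_pe([".text", ".data"], False)))
```

Both checks are trivially defeated by the "modified UPX" builds the signature name mentions (sections renamed, magic overwritten), which is why a packer verdict is normally backed by section-entropy and import-table checks as well; treat a hit here as a lead, not a conclusion.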

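The "Checks computer location settings" signature is raised when the sample reads the configured country code from the registry. As an added example (not part of the report, and not the sandbox's own signature logic), the script below runs the equivalent detection over Procmon-style registry events: it flags RegQueryValue operations on the values that expose the user's region, and marks reads coming from a script host, which is what a .vbs dropper runs under. The registry paths listed are the example's assumption about what a geofence check reads (Geo\Nation holds the Windows GeoID), and the CSV rows are constructed for illustration, not telemetry from this sample.

```python
import csv
import io

# Registry values that expose the configured country/region. Assumption for this example:
# a geofence check reads one of these; Geo\Nation holds the Windows GeoID.
GEO_VALUE_SUFFIXES = (
    r"\control panel\international\geo\nation",
    r"\control panel\international\geo\name",
    r"\control panel\international\locale",
)

# Script hosts a .vbs dropper executes under; a region lookup from these deserves a closer look.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed Procmon-style CSV export (Time of Day, Process Name, PID, Operation, Path, Result).
SAMPLE_CSV = """Time of Day,Process Name,PID,Operation,Path,Result
10:00:01.001,wscript.exe,4120,RegOpenKey,HKCU\\Control Panel\\International\\Geo,SUCCESS
10:00:01.002,wscript.exe,4120,RegQueryValue,HKCU\\Control Panel\\International\\Geo\\Nation,SUCCESS
10:00:01.003,explorer.exe,1234,RegQueryValue,HKCU\\Control Panel\\International\\Locale,SUCCESS
10:00:01.004,wscript.exe,4120,RegQueryValue,HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run,NAME NOT FOUND
"""


def geo_lookups(csv_text):
    """Return one record per registry read of a country/region value, flagging script hosts."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] != "RegQueryValue":   # only value reads, not key opens or writes
            continue
        path = row["Path"].lower()                # registry paths are case-insensitive
        if not path.endswith(GEO_VALUE_SUFFIXES):
            continue
        proc = row["Process Name"].lower()
        hits.append({
            "process": proc,
            "pid": int(row["PID"]),
            "path": row["Path"],
            "script_host": proc in SCRIPT_HOSTS,
        })
    return hits


if __name__ == "__main__":
    for hit in geo_lookups(SAMPLE_CSV):
        tag = "SUSPICIOUS" if hit["script_host"] else "benign-looking"
        print(f'{tag}: {hit["process"]} (pid {hit["pid"]}) read {hit["path"]}')
```

explorer.exe and other shell components read the locale routinely, so the read itself is not the signal; the combination of a script host, a region lookup, and what the script does next (exit, or drop and execute a packed EXE) is what separates a geofence from noise.
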
MITRE ATT&CK Enterprise v6

Tasks