General
-
Target
RAMN.vbs
-
Size
169KB
-
Sample
220312-kmkxnaaea2
-
MD5
e5e7f440ae47fe295bb93034b1edf3c1
-
SHA1
bff968fb18c296edabf8ad52953e7c36ae0bcdea
-
SHA256
2a5fcd571c34b11c0c630c8cf1f50a91a136e931e0057f7f8e3ca36ecd73d993
-
SHA512
a45c68efa11bf061c5ed5fd09e2c616acb2333b67cb1f86382eac88ac1f2fb1120ad2517381e2125eb5a98a5d69d602918cc1ac1277cee1f5a976d8e1a3eb92b
Static task
static1
Behavioral task
behavioral1
Sample
RAMN.vbs
Resource
win7-20220310-en
Malware Config
Targets
-
-
Target
RAMN.vbs
-
Size
169KB
-
MD5
e5e7f440ae47fe295bb93034b1edf3c1
-
SHA1
bff968fb18c296edabf8ad52953e7c36ae0bcdea
-
SHA256
2a5fcd571c34b11c0c630c8cf1f50a91a136e931e0057f7f8e3ca36ecd73d993
-
SHA512
a45c68efa11bf061c5ed5fd09e2c616acb2333b67cb1f86382eac88ac1f2fb1120ad2517381e2125eb5a98a5d69d602918cc1ac1277cee1f5a976d8e1a3eb92b
-
Modifies firewall policy service
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-