Overview

overview

10

Static

static

RAMN2.vbs

windows7_x64

10

RAMN2.vbs

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RAMN2.vbs

  • Size

    223KB

  • Sample

    220312-kpbrrsdfdl

  • MD5

    2b4d47e402af16e0094eec1e8fbeaf98

  • SHA1

    40fdfbe617e8d6492712ed7c1bdefaecdb79fb30

  • SHA256

    bdde1e74ef46863692bd6975af9203dffa21931c60dc29f01f3cf69f2093e35a

  • SHA512

    7a8252eed1c0b0089fc56061d70149f5ed12992ea8d0f817d984cbfc3ad31c378f44eba1da833b9313b3757b3a7920a0dd7e9d7c427f528f8a11c1e9d1e5c162

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Targets

    • Target

      RAMN2.vbs

    • Size

      223KB

    • MD5

      2b4d47e402af16e0094eec1e8fbeaf98

    • SHA1

      40fdfbe617e8d6492712ed7c1bdefaecdb79fb30

    • SHA256

      bdde1e74ef46863692bd6975af9203dffa21931c60dc29f01f3cf69f2093e35a

    • SHA512

      7a8252eed1c0b0089fc56061d70149f5ed12992ea8d0f817d984cbfc3ad31c378f44eba1da833b9313b3757b3a7920a0dd7e9d7c427f528f8a11c1e9d1e5c162

    Score
    10/10
    ramnitbankerspywarestealertrojanupxworm

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks