Overview

overview

10

Static

static

Internet-Win7-30min

windows7_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    R.exe

  • Size

    4.0MB

  • Sample

    201222-v6l9frn9zs

  • MD5

    f454674192c23053843a3b493b3d0e7f

  • SHA1

    8cb0d3e35a58ddadfca4dbd87b075058b542092f

  • SHA256

    76de9f8d6f0fcf8c5fb2bafc387c363e138af15cf751d2c2a230ad9cafd6271c

  • SHA512

    655040b6c3a7ad5a61a475db45c34520fdcc296e03b360427c495529a862edb8c74b2b4dcf4a3b590e679c42eab66bc976092d80318407ca4355a2322506336a

Score
10/10
rmsaspackv2discoveryevasionrattrojanupx

Malware Config

Targets

    • Target

      R.exe

    • Size

      4.0MB

    • MD5

      f454674192c23053843a3b493b3d0e7f

    • SHA1

      8cb0d3e35a58ddadfca4dbd87b075058b542092f

    • SHA256

      76de9f8d6f0fcf8c5fb2bafc387c363e138af15cf751d2c2a230ad9cafd6271c

    • SHA512

      655040b6c3a7ad5a61a475db45c34520fdcc296e03b360427c495529a862edb8c74b2b4dcf4a3b590e679c42eab66bc976092d80318407ca4355a2322506336a

    Score
    10/10
    rmsaspackv2discoveryevasionrattrojanupx

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks