Overview

overview

10

Static

static

43f99c7803...in.exe

windows7_x64

10

43f99c7803...in.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin

  • Size

    11.2MB

  • Sample

    210416-vt99c6adke

  • MD5

    885048c2a7156ec45ad6ea9cb3e31fba

  • SHA1

    e9c35853bed083c1b16c9004bb0120b57ab3e425

  • SHA256

    43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5

  • SHA512

    de1c4f1c70253d3123e5d6b458846610457f994ecc8e63ab26b5e65b28d509d9b76065640e30705629e8db606532a15f24eed738b77d8734559fd78c4fe18507

Score
10/10
rmsrattrojan

Malware Config

Targets

    • Target

      43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5.bin

    • Size

      11.2MB

    • MD5

      885048c2a7156ec45ad6ea9cb3e31fba

    • SHA1

      e9c35853bed083c1b16c9004bb0120b57ab3e425

    • SHA256

      43f99c7803096733f587609de930cc8f7f7efa089df450adca6d07d9e4d7eaf5

    • SHA512

      de1c4f1c70253d3123e5d6b458846610457f994ecc8e63ab26b5e65b28d509d9b76065640e30705629e8db606532a15f24eed738b77d8734559fd78c4fe18507

    Score
    10/10
    rmsrattrojan

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks