Overview

overview

10

Static

static

ac04924e6a...cb.exe

windows7_x64

10

ac04924e6a...cb.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ac04924e6ad389c88a185d5bc5c36e346106274e7f02b27033b607bd2cec35cb

  • Size

    4.7MB

  • Sample

    210516-lxptb15vza

  • MD5

    7db0161a7700c3b233b880509a6025ef

  • SHA1

    abe350ef99b478ce6ad14a625eea73b0671ac9ed

  • SHA256

    ac04924e6ad389c88a185d5bc5c36e346106274e7f02b27033b607bd2cec35cb

  • SHA512

    b3fccab9b8364266b4b10f5d9758fcddfd084d638d26d80d1e505a79e870ba694fe4287f32e72228c690d38e01b140eab6c7bd82d0f737d036a618430797f91b

Score
10/10
rmsrattrojan

Malware Config

Targets

    • Target

      ac04924e6ad389c88a185d5bc5c36e346106274e7f02b27033b607bd2cec35cb

    • Size

      4.7MB

    • MD5

      7db0161a7700c3b233b880509a6025ef

    • SHA1

      abe350ef99b478ce6ad14a625eea73b0671ac9ed

    • SHA256

      ac04924e6ad389c88a185d5bc5c36e346106274e7f02b27033b607bd2cec35cb

    • SHA512

      b3fccab9b8364266b4b10f5d9758fcddfd084d638d26d80d1e505a79e870ba694fe4287f32e72228c690d38e01b140eab6c7bd82d0f737d036a618430797f91b

    Score
    10/10
    rmsrattrojan

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks