Overview

overview

10

Static

static

vmtools.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    vmtools.exe

  • Size

    16.0MB

  • Sample

    210614-8eved7y9he

  • MD5

    4e91b0fddaf1eba8f92741ff59a6aca4

  • SHA1

    f96bd2a87253c146aacbbc38defdda5a2cab0497

  • SHA256

    260521f4e81572a65d2b6ccedac51cdd886bba3a8fc2342e501accc0f53f0ff1

  • SHA512

    183906ccc9cfdeb421a9fa25447c9b7825f6ffcafbbda18411cfabce5c0f437cd002f2f5193a6bcc3608b704458a3c746e5dce4b8223c3c844a98509ba4117e7

Score
10/10
rmsrattrojan

Malware Config

Targets

    • Target

      vmtools.exe

    • Size

      16.0MB

    • MD5

      4e91b0fddaf1eba8f92741ff59a6aca4

    • SHA1

      f96bd2a87253c146aacbbc38defdda5a2cab0497

    • SHA256

      260521f4e81572a65d2b6ccedac51cdd886bba3a8fc2342e501accc0f53f0ff1

    • SHA512

      183906ccc9cfdeb421a9fa25447c9b7825f6ffcafbbda18411cfabce5c0f437cd002f2f5193a6bcc3608b704458a3c746e5dce4b8223c3c844a98509ba4117e7

    Score
    10/10
    rmsrattrojan

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks