General

  • Target

    19D1D20F580914EFBF1F300E65EE1F9E6FF771FC3D061.exe

  • Size

    11.1MB

  • Sample

    210803-mhv736kjye

  • MD5

    1c652681df1e57e8e4c45f0e37c069cb

  • SHA1

    0dd5c5623b808abb7a52d9b8fe3eb13749ffeb17

  • SHA256

    19d1d20f580914efbf1f300e65ee1f9e6ff771fc3d061a5549443ffcf77f252a

  • SHA512

    12111f20f53cfb046acb4ae25e9d180a7d228c040bf6c93573eb6381c26b8f7c2bf9d1e36dace3cb1f2ea92a3e475ec0629a49e9195488fd8c837a9b5291f80c

  • Score

    10/10

Targets

    • Target

      19D1D20F580914EFBF1F300E65EE1F9E6FF771FC3D061.exe

    • Score

      10/10

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Loads dropped DLL

    • Drops file in System32 directory
