Overview

overview

10

Static

static

AF01EC6131...9A.exe

windows7_x64

10

AF01EC6131...9A.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AF01EC61317D91BC4CE4B70B972B6A5DD29DDCC18999A.exe

  • Size

    4.9MB

  • Sample

    210912-w269zsced7

  • MD5

    4d9350a29c7677374fbb8bc2e96a77f3

  • SHA1

    1fd63c7af6b2397d2f6616935aafef394f2394ed

  • SHA256

    af01ec61317d91bc4ce4b70b972b6a5dd29ddcc18999a937d298d7de8a0cf7af

  • SHA512

    7b69647225ef9d6d38389cc42a680946b85fc097d8681f715a6d0064dd205e3b743c42af163566071bab3f70b71e89a6e9629f540fd3ee1f5be8b5253876c7f0

Score
10/10
rmsrattrojan

Malware Config

Targets

    • Target

      AF01EC61317D91BC4CE4B70B972B6A5DD29DDCC18999A.exe

    • Size

      4.9MB

    • MD5

      4d9350a29c7677374fbb8bc2e96a77f3

    • SHA1

      1fd63c7af6b2397d2f6616935aafef394f2394ed

    • SHA256

      af01ec61317d91bc4ce4b70b972b6a5dd29ddcc18999a937d298d7de8a0cf7af

    • SHA512

      7b69647225ef9d6d38389cc42a680946b85fc097d8681f715a6d0064dd205e3b743c42af163566071bab3f70b71e89a6e9629f540fd3ee1f5be8b5253876c7f0

    Score
    10/10
    rmsrattrojan

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks