General

  • Target

    BOX-BACKUP_2021-10-08_18_26_54.zip

  • Size

    6.7MB

  • Sample

    211008-v3fyraega2

  • MD5

    14bc95e2f22a12a52adcdedca93cc359

  • SHA1

    1eafc0873c1fa17928edca866ddc5ee7dba1e58b

  • SHA256

    c2bcfa07d401c8f06f76fb06180e5d58a8f9733f96e03a1659d34e888447a544

  • SHA512

    28c5467af0d64ced487bfbbf88d9d42490c612cdc8a33673327ca5d2cbf05f291e20cfb10c80f9ac38f76d2d412c4f1935df841a18c48f87e84f2d2b594708fe

Score
10/10

Targets

    • Target

      Device/HarddiskVolume2/Program Files/VMware/tools/lib/vmaxsvc.exe

    • Size

      17.1MB

    • MD5

      383d6a55625a81ead08705003a6ac105

    • SHA1

      ade79797e95eb9487a272530e9e17f2181e81a45

    • SHA256

      e8b73d39c58fef2b571505bdd69e371c8ff095541528c7bcbbf4120e024a19bb

    • SHA512

      31d1d32d1fdc030a336d6f85a7111ae690f0f740f1a0a9683193faf0e13686d72ae5fb4e6963a57972ec19c9f195b4bab2453b80e25e07ab2da26f5a95bda394

    Score
    10/10
    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
