General

  • Target

    00349c28a5f82e5617e4ca2410cc4b21.exe

  • Size

    5.4MB

  • Sample

    211027-tt8rqshcbm

  • MD5

    00349c28a5f82e5617e4ca2410cc4b21

  • SHA1

    916eacdc0c0b2c7f7d1ebae963d8edda8631e424

  • SHA256

    8b4e974a65677792d97fdcb35bba28c1e961b6b32c99b4baa81bfdd7c85348bd

  • SHA512

    f93ce4a93204e4a7410f553bf2af3ade1d6afb3d8509a2b1bb01bfef3645a1e68c6b3594142ed8b2681003941aa8913822d0910652e4da4dbbe8f42b5495a89e

Score
10/10

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL
