General

  • Target

    56CEC810FC6F445E17A04306B653BB3296B55FE481B51.exe

  • Size

    15.4MB

  • Sample

    211120-abgqrafac3

  • MD5

    7825beab377e9a88cd97cf5d2ccbf81b

  • SHA1

    fbaa432a4ce17068a6af7b79134d9004f569e162

  • SHA256

    56cec810fc6f445e17a04306b653bb3296b55fe481b518c9aca4b1ef69824a3e

  • SHA512

    592be3743297fdb76b05b4faaf7cff77c095ea816ea183a92e8e252ef9098aa34b232987f45b6ba37adcd78bb2e166cc57459bfd03ed1b189ca23e6c68b58bea

Score
10/10

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Drops file in System32 directory
