Overview

overview

10

Static

static

20b3ed0540...7e.exe

windows7_x64

10

20b3ed0540...7e.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    20b3ed0540bfde1726796e7532c89fb4208ff14a8a71412cd173da9dea994a7e

  • Size

    17.2MB

  • Sample

    211123-pgrv8saadp

  • MD5

    694c867093fd3e9ad0d495dd387d6091

  • SHA1

    82da7301be0bb0b62fe25fc567ee6138a8c84fae

  • SHA256

    20b3ed0540bfde1726796e7532c89fb4208ff14a8a71412cd173da9dea994a7e

  • SHA512

    8927538c49aa343d41a23bf213829570c2193972b1f38dd9ef701cdf88696bc44e36a1961c1fe2e8f8c120884851b5a97917138538087ed3c452d3d045822280

Score
10/10
rmsrattrojan

Malware Config

Targets

    • Target

      20b3ed0540bfde1726796e7532c89fb4208ff14a8a71412cd173da9dea994a7e

    • Size

      17.2MB

    • MD5

      694c867093fd3e9ad0d495dd387d6091

    • SHA1

      82da7301be0bb0b62fe25fc567ee6138a8c84fae

    • SHA256

      20b3ed0540bfde1726796e7532c89fb4208ff14a8a71412cd173da9dea994a7e

    • SHA512

      8927538c49aa343d41a23bf213829570c2193972b1f38dd9ef701cdf88696bc44e36a1961c1fe2e8f8c120884851b5a97917138538087ed3c452d3d045822280

    Score
    10/10
    rmsrattrojan

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks