Overview

overview

10

Static

static

5F6C5640C8...AB.exe

windows7_x64

10

5F6C5640C8...AB.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5F6C5640C86A69D41538E7781C1DC06C577D126FB66AB.exe

  • Size

    13.7MB

  • Sample

    211123-tnhy5aafcq

  • MD5

    f426b66b0ce498193c27bef3df1ed9cc

  • SHA1

    ae7fc9a0345e80ec36812ff6464d9ade1020315a

  • SHA256

    5f6c5640c86a69d41538e7781c1dc06c577d126fb66abb8d6eed72513fabc2c9

  • SHA512

    d922ef3ad2610c0caf1f9f99d80acf931eb79161ea295dd9b46a5a88433c8309194f79a5e971550b3fde2fcb86362fc727e8c538cd616d8c1caca7c46a0b7326

Score
10/10
rmsevasionrattrojan

Malware Config

Targets

    • Target

      5F6C5640C86A69D41538E7781C1DC06C577D126FB66AB.exe

    • Size

      13.7MB

    • MD5

      f426b66b0ce498193c27bef3df1ed9cc

    • SHA1

      ae7fc9a0345e80ec36812ff6464d9ade1020315a

    • SHA256

      5f6c5640c86a69d41538e7781c1dc06c577d126fb66abb8d6eed72513fabc2c9

    • SHA512

      d922ef3ad2610c0caf1f9f99d80acf931eb79161ea295dd9b46a5a88433c8309194f79a5e971550b3fde2fcb86362fc727e8c538cd616d8c1caca7c46a0b7326

    Score
    10/10
    rmsevasionrattrojan

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Deletes itself

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks