Overview

overview

10

Static

static

8e63f9781e...bc.exe

windows7_x64

10

8e63f9781e...bc.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8e63f9781e37269e3c4aea0f6266aa01154dc3491c5154267fda828d41e23abc

  • Size

    17.1MB

  • Sample

    211125-nrpyysfabp

  • MD5

    4998446e6c16d36185faa040c6ea659a

  • SHA1

    18828e72224bff71730ad7e90952d7d3b0a53293

  • SHA256

    8e63f9781e37269e3c4aea0f6266aa01154dc3491c5154267fda828d41e23abc

  • SHA512

    4db58e144acec3471ba9f007577b6e2f296394c520a02527ed5209563b122938214cc3c201021eb53cea49f681203ecf1c8c37629a678bb15e8d1a7ebed78fde

Score
10/10
rmsrattrojan

Malware Config

Targets

    • Target

      8e63f9781e37269e3c4aea0f6266aa01154dc3491c5154267fda828d41e23abc

    • Size

      17.1MB

    • MD5

      4998446e6c16d36185faa040c6ea659a

    • SHA1

      18828e72224bff71730ad7e90952d7d3b0a53293

    • SHA256

      8e63f9781e37269e3c4aea0f6266aa01154dc3491c5154267fda828d41e23abc

    • SHA512

      4db58e144acec3471ba9f007577b6e2f296394c520a02527ed5209563b122938214cc3c201021eb53cea49f681203ecf1c8c37629a678bb15e8d1a7ebed78fde

    Score
    10/10
    rmsrattrojan

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks