General

  • Target

    550ee89d5df17f90ba7689d957cd067dcdbe3d957c5369ea28d925e02ccc8ce6

  • Size

    6.8MB

  • Sample

    220128-sqmvesfeaj

  • MD5

    4795fe6f5ce9557f6cbba6457b7931cc

  • SHA1

    f7abfa5b3dbb90a3804efc1ee82a1e7d951089d8

  • SHA256

    550ee89d5df17f90ba7689d957cd067dcdbe3d957c5369ea28d925e02ccc8ce6

  • SHA512

    7103d27d71f66434ca24dc4ee64b114bb375440f422c1191ac6eb15eabbc250c8b8d23dcdde523f02d446ef34332deb99256cccaba0ba09f31b4619d0f3e0fa3

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • Executes dropped EXE

    • Stops running service(s)

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
