General

  • Target

    c583941fbe12187c3cad31de199365f0461f57f0f56dfe07b241926a83bee074

  • Size

    4.2MB

  • Sample

    220128-xpymrabacq

  • MD5

    4506d4833a0c9173318806c603f14a3c

  • SHA1

    aa4ad783dfe3cc6b0b9612814ed9418253203c50

  • SHA256

    c583941fbe12187c3cad31de199365f0461f57f0f56dfe07b241926a83bee074

  • SHA512

    10d6f3bd0fcf0e3ebe156794731bef010dd0f997ed080718e58a213c5c3f6a8b0dcb4ebfb55f10bf66ae2435cbe4494757d296010ecc4969cbb8d8fc3e621a04

Score
10/10

Malware Config

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks