General

  • Target

    8c738710cff8cecb1f2e22c4255764e2288981b1d0d78f1d9afd715ab0188abc

  • Size

    3.9MB

  • Sample

    220128-ygfyeabhen

  • MD5

    d222abe44d1b0ff22e7a8c7f9f62c56f

  • SHA1

    daf996eba37bd4097b2bf67519f496b82e561093

  • SHA256

    8c738710cff8cecb1f2e22c4255764e2288981b1d0d78f1d9afd715ab0188abc

  • SHA512

    1c236807c34fa2ce402959772861c57242d3f98a1315b673f78668421e55ff6a73774768d1841b78a781917baf8f59ebb807eae26d2cc4b349092bcbcac200ba

Malware Config

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks